Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-12630

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2017-12630
  • Apache » Drill » Version: 0.4.0
    cpe:2.3:a:apache:drill:0.4.0
  • Apache » Drill » Version: 0.5.0
    cpe:2.3:a:apache:drill:0.5.0
  • Apache » Drill » Version: 0.6.0
    cpe:2.3:a:apache:drill:0.6.0
  • Apache » Drill » Version: 0.7.0
    cpe:2.3:a:apache:drill:0.7.0
  • Apache » Drill » Version: 0.8.0
    cpe:2.3:a:apache:drill:0.8.0
  • Apache » Drill » Version: 0.9.0
    cpe:2.3:a:apache:drill:0.9.0
  • Apache » Drill » Version: 1.0.0
    cpe:2.3:a:apache:drill:1.0.0
  • Apache » Drill » Version: 1.1.0
    cpe:2.3:a:apache:drill:1.1.0
  • Apache » Drill » Version: 1.10.0
    cpe:2.3:a:apache:drill:1.10.0
  • Apache » Drill » Version: 1.11.0
    cpe:2.3:a:apache:drill:1.11.0
  • Apache » Drill » Version: 1.2.0
    cpe:2.3:a:apache:drill:1.2.0
  • Apache » Drill » Version: 1.3.0
    cpe:2.3:a:apache:drill:1.3.0
  • Apache » Drill » Version: 1.4.0
    cpe:2.3:a:apache:drill:1.4.0
  • Apache » Drill » Version: 1.5.0
    cpe:2.3:a:apache:drill:1.5.0
  • Apache » Drill » Version: 1.6.0
    cpe:2.3:a:apache:drill:1.6.0
  • Apache » Drill » Version: 1.7.0
    cpe:2.3:a:apache:drill:1.7.0
  • Apache » Drill » Version: 1.8.0
    cpe:2.3:a:apache:drill:1.8.0
  • Apache » Drill » Version: 1.9.0
    cpe:2.3:a:apache:drill:1.9.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved