CVE-2017-14087

high-risk
Published 2017-10-06

A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

Do I need to act?

!
22.5% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
42895
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Trendmicro

References (16)

Exploit http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-...
Exploit http://packetstormsecurity.com/files/144404/TrendMicro-OfficeScan-11.0-XG-12.0-H...
Exploit http://seclists.org/fulldisclosure/2017/Sep/86
http://www.securityfocus.com/archive/1/541267/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/101074
Third Party Advisory http://www.securitytracker.com/id/1039500
Mitigation https://success.trendmicro.com/solution/1118372
Exploit https://www.exploit-db.com/exploits/42895/
Exploit http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-...
Exploit http://packetstormsecurity.com/files/144404/TrendMicro-OfficeScan-11.0-XG-12.0-H...
Exploit http://seclists.org/fulldisclosure/2017/Sep/86
http://www.securityfocus.com/archive/1/541267/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/101074
Third Party Advisory http://www.securitytracker.com/id/1039500
Mitigation https://success.trendmicro.com/solution/1118372
Exploit https://www.exploit-db.com/exploits/42895/
54
/ 100
high-risk
Severity 26/34 · High
Exploitability 21/34 · High
Exposure 7/34 · Low