
CVE-2017-3155:
Cross-site Scripting in Apache Atlas

CVSS 3.0 Score: 6.1

Basic Information

EPSS Score: 0.82602%
Published: 5/17/2022
Updated: 9/13/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: org.apache.atlas:atlas-common
Ecosystem: maven
Vulnerable Versions: >= 0.6.0-incubating, < 0.7.1-incubating
First Patched Version: 0.7.1-incubating

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability (CWE-79) describes cross-frame scripting, which is typically mitigated by setting the X-Frame-Options header. Apache Atlas versions 0.6.0 to 0.7.0-incubating were vulnerable, and the patch in 0.7.1 likely added this header. The SecurityFilter class in Java web applications is a common location for configuring such headers. While no direct code diff is available, the absence of X-Frame-Options in the filter would directly enable this vulnerability. Confidence is medium due to reliance on standard security practices and vulnerability type alignment, though exact code confirmation is unavailable.
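As an added illustration of the mitigation described above (this is not Apache Atlas's own SecurityFilter, whose code is not shown here), a servlet Filter that sets X-Frame-Options on every response before the chain runs. The class name, the `frameOptions` init-param and the web.xml mapping are assumed for this example:

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Illustrative anti-framing filter (hypothetical, not Apache Atlas code).
 * Register it in web.xml with a <filter-mapping> on <url-pattern>/*</url-pattern>
 * so that every response, including error pages, carries the header.
 */
public class FrameOptionsFilter implements Filter {

    // Default to the strictest value; "frameOptions" is an assumed init-param name.
    private String frameOptions = "DENY";

    @Override
    public void init(FilterConfig config) {
        String configured = config.getInitParameter("frameOptions");
        // Only the two values browsers implement consistently are accepted;
        // anything else (typos, ALLOW-FROM) falls back to DENY.
        if ("SAMEORIGIN".equalsIgnoreCase(configured)) {
            frameOptions = "SAMEORIGIN";
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            // Set before chain.doFilter(): once a downstream servlet commits the
            // response, headers added afterwards are silently dropped.
            http.setHeader("X-Frame-Options", frameOptions);
            // CSP frame-ancestors is the modern equivalent; sending both covers old and new clients.
            http.setHeader("Content-Security-Policy",
                    "DENY".equals(frameOptions) ? "frame-ancestors 'none'" : "frame-ancestors 'self'");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

To verify the fix is live, request any page with `curl -I` and confirm the `X-Frame-Options` header appears in the response; its absence on even one URL pattern (for example a static-resource path excluded from the mapping) leaves that page frameable.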
