Date: Mon, 18 Dec 2017 12:35:21 +0200
From: Arina Ielchiieva <>
To: user <>,, 
	Sanjog <>, security <>,
Subject: [SECURITY] CVE-2017-12630 Apache Drill XSS vulnerability

*CVE-2017-12630 Apache Drill XSS vulnerability*

*Severity*: Important

*Vendor:* The Apache Software Foundation

*Versions Affected:*
Apache Drill 1.11.0 and earlier

In Apache Drill 1.11.0 and earlier, when submitting a form from the Query
page, users are able to pass arbitrary script or HTML, which will take effect
on the Profile page afterwards.

After submitting a special script that returns cookie information from the
Query page, a malicious user may obtain this information from the Profile page.

Users of the affected versions should upgrade to Apache Drill 1.12.0 and

Sanjog Panda

Kind regards
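
The Query-to-Profile flow described in the advisory, reduced to a minimal model. This is an added example, not part of the original message and not Apache Drill code: the function names, the in-memory store and the sample inputs are constructed, and output encoding is shown as the standard defence rather than as the change shipped in 1.12.0.

```javascript
// Added illustration; not Apache Drill code. All names are hypothetical.
const profiles = new Map(); // stands in for the stored query profiles

// "Query page" handler: stores the submitted query text exactly as received.
function submitQuery(id, queryText) {
  profiles.set(id, { id, query: String(queryText) });
}

// Encode the five characters that are significant in HTML text and in
// quoted attribute values. "&" is replaced first so entities are not doubled.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored text is concatenated into the
// "Profile page" unencoded, in element content and in an attribute.
function renderProfileUnsafe(id) {
  const p = profiles.get(id) || { query: "" };
  return `<h3>Query</h3><pre>${p.query}</pre>` +
         `<input name="query" value="${p.query}">`;
}

// Hardened pattern: the stored value is encoded at output time, so it is
// displayed as text in both contexts and never parsed as markup.
function renderProfileSafe(id) {
  const q = escapeHtml((profiles.get(id) || { query: "" }).query);
  return `<h3>Query</h3><pre>${q}</pre>` +
         `<input name="query" value="${q}">`;
}

// Constructed sample inputs: one ordinary query, one carrying markup.
submitQuery("q1", "SELECT * FROM cp.`employee.json` WHERE a < 5 AND b = 'x'");
submitQuery("q2", '"><script>alert(1)</script>');

console.log(renderProfileUnsafe("q2")); // markup reaches the page intact
console.log(renderProfileSafe("q2"));   // same input rendered as inert text
console.log(renderProfileSafe("q1"));   // legitimate query still readable
```

Encoding at render time rather than at submission keeps the stored query text unmodified while making every page that displays it safe.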
