List: apache-announce
Subject: [CVE-2019-12425] Apache OFBiz Host Header Injection
From: "jleroux () apache ! org" <jleroux () apache ! org>
Date: 2020-04-30 12:38:42
Message-ID: ca9ef038-3185-fe76-136b-7006e4f2e2a2 () apache ! org
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
----
Credit:
Pradeep Jairamani <pradeepjairamani22@gmail.com>
References:
https://ofbiz.apache.org/security.html