List:       oss-security
Subject:    [oss-security] [CVE-2019-12425] Apache OFBiz Host Header Injection
From:       Jacques Le Roux <jacques.le.roux () les7arts ! com>
Date:       2020-04-30 12:11:22
Message-ID: 65d12083-a07c-b486-5f4e-365170833a1a () les7arts ! com

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts

Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
----

Credit:
Pradeep Jairamani <pradeepjairamani22@gmail.com>

References:
https://ofbiz.apache.org/security.html
