[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [CVE-2019-12425] Apache OFBiz Host Header Injection
From: Jacques Le Roux <jacques.le.roux () les7arts ! com>
Date: 2020-04-30 12:11:22
Message-ID: 65d12083-a07c-b486-5f4e-365170833a1a () les7arts ! com
[Download RAW message or body]
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
----
Credit:
Pradeep Jairamani <pradeepjairamani22@gmail.com>
References:
https://ofbiz.apache.org/security.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic