CVE-2019-12425

March 21, 2021

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

Summary:

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

Reference Links(if available):

  • https://s.apache.org/7sr1x
  • https://lists.apache.org/thread.html/r5181b36218225447d3ce70891eeccfb6d6885309dffd7e0e59091817@%3Cuser.ofbiz.apache.org%3E
  • https://lists.apache.org/thread.html/r907ce90745b52d2d5b6a815de03fd1d5f3831ab579a81d70cfda6f3d@%3Cuser.ofbiz.apache.org%3E
  • https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5@%3Ccommits.ofbiz.apache.org%3E

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    gophish

    GoPhish Login Page Detected – 15[.]236[.]5[.]186:443

    April 16, 2024
    gophish

    GoPhish Login Page Detected – 35[.]232[.]52[.]240:443

    April 16, 2024
    gophish

    GoPhish Login Page Detected – 34[.]175[.]0[.]236:443

    April 16, 2024
    gophish

    GoPhish Login Page Detected – 122[.]8[.]152[.]116:443

    April 16, 2024
    image

    CACTUS Ransomware Victim: https://www[.]regulatormarine[.]com/

    April 16, 2024