OFBiz OFBiz - Dev

[CVE-2019-12425] Apache OFBiz Host Header Injection

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

[CVE-2019-12425] Apache OFBiz Host Header Injection

Jacques Le Roux
Administrator
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts

Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
----

Credit:
Pradeep Jairamani <[hidden email]>

References:
https://ofbiz.apache.org/security.html
Free forum by Nabble Edit this page