OFBiz OFBiz - Notifications

[jira] [Created] (OFBIZ-12043) Host Header Injection still present on present release

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (OFBIZ-12043) Host Header Injection still present on present release

Nicolas Malin (Jira)
MrR3boot created OFBIZ-12043:
--------------------------------

             Summary: Host Header Injection still present on present release
                 Key: OFBIZ-12043
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12043
             Project: OFBiz
          Issue Type: Bug
    Affects Versions: 17.12.04
            Reporter: MrR3boot


It look like CVE-2019-12425 is not properly fixed in the 17.12.0.4 release. I can login to the application by changing host header to 127.0.0.1 and can access other applications. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Free forum by Nabble Edit this page