oss-sec mailing list archives

[CVE-2019-12425] Apache OFBiz Host Header Injection


From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Thu, 30 Apr 2020 14:11:22 +0200

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to Host header injection because it accepts arbitrary values in the HTTP Host header instead of restricting them to the hosts it is configured to serve.

Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583.
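
The following is an added example, not OFBiz code and not the commit referenced above. It shows the class of bug the advisory describes and the kind of check that closes it: a hypothetical application builds absolute URLs (here a password-reset link) from the request's Host header, so an attacker who controls that header controls where the link points. The hardened version parses the header, normalises it (case, trailing dot, optional port, bracketed IPv6 literal) and accepts it only if the hostname exactly matches a configured allowlist, falling back to a canonical host otherwise. The allowlist entries and the `/reset?token=` path are constructed for the example.

```python
import re

# Constructed allowlist: the hostnames this deployment is actually served on.
ALLOWED_HOSTS = {"shop.example.com", "www.example.com"}

# Host header grammar (RFC 7230 uri-host [ ":" port ]): either a bracketed
# IPv6 literal or a DNS name / IPv4 address, with an optional numeric port.
_HOST_RE = re.compile(
    r"^(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$"
)


def parse_host_header(value):
    """Return (hostname, port) for a Host header value, or None if malformed.

    The hostname is lower-cased and stripped of a trailing dot so that
    'SHOP.example.com.' and 'shop.example.com' compare equal. Anything that
    is not a bare authority (an absolute URL, a space, a path) is rejected.
    """
    if value is None:
        return None
    m = _HOST_RE.match(value.strip())
    if not m:
        return None
    host = m.group("host").lower().rstrip(".")
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 1 <= port <= 65535:
        return None
    return host, port


def host_is_allowed(value, allowed=ALLOWED_HOSTS):
    """Exact-match allowlist check on the normalised hostname (never a suffix
    or substring match, which 'shop.example.com.evil.example.net' would pass)."""
    parsed = parse_host_header(value)
    return parsed is not None and parsed[0] in allowed


def vulnerable_reset_link(headers, token):
    """The injectable pattern: trust whatever Host the client sent."""
    return f"https://{headers.get('Host')}/reset?token={token}"


def safe_reset_link(headers, token, allowed=ALLOWED_HOSTS,
                    canonical="shop.example.com"):
    """The hardened pattern: use the request Host only if it is allowlisted,
    otherwise fall back to the configured canonical host. Note that a reverse
    proxy's X-Forwarded-Host must be validated the same way if it is honoured."""
    parsed = parse_host_header(headers.get("Host"))
    if parsed is None or parsed[0] not in allowed:
        authority = canonical
    else:
        host, port = parsed
        authority = f"{host}:{port}" if port else host
    return f"https://{authority}/reset?token={token}"


if __name__ == "__main__":
    # Constructed request: attacker-supplied Host header.
    attacker = {"Host": "evil.example.net"}
    print("vulnerable:", vulnerable_reset_link(attacker, "t0k"))
    print("hardened:  ", safe_reset_link(attacker, "t0k"))
```

The allowlist is a configured set, not something derived from the request, and the comparison is on the full normalised hostname; validating only that the header "contains" an expected domain, or taking the last `Host`/`X-Forwarded-Host` value from a chain of proxies, reintroduces the same injection.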
----

Credit:
Pradeep Jairamani <pradeepjairamani22 () gmail com>

References:
https://ofbiz.apache.org/security.html
