You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Deepak Dixit (Jira)" <ji...@apache.org> on 2020/10/22 10:59:00 UTC
[jira] [Assigned] (OFBIZ-12043) Host Header Injection still present
on present release
[ https://issues.apache.org/jira/browse/OFBIZ-12043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Deepak Dixit reassigned OFBIZ-12043:
------------------------------------
Assignee: Deepak Dixit
> Host Header Injection still present on present release
> ------------------------------------------------------
>
> Key: OFBIZ-12043
> URL: https://issues.apache.org/jira/browse/OFBIZ-12043
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: 17.12.04
> Reporter: MrR3boot
> Assignee: Deepak Dixit
> Priority: Major
> Labels: security
>
> It look like CVE-2019-12425 is not properly fixed in the 17.12.0.4 release. I can login to the application by changing host header to 127.0.0.1 and can access other applications.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)