Описание
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.
Ссылки
- VDB EntryVendor Advisory
- Permissions Required
- VDB EntryVendor Advisory
- Permissions Required
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.
EPSS
5.3 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2