Описание
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.
Ссылки
- VDB Entry
- Vendor Advisory
- VDB Entry
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
Связанные уязвимости
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.
EPSS
5.4 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2