exploitDog

CVE-2025-3026

Опубликовано: 31 мар. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his own server for the client to send HTTP requests, provided he succeeds in exploiting it.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ejbca
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*

Версия от 8.0 (включая) до 9.1 (исключая)

EPSS

Процентиль: 38%

0.00167

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-74

Связанные уязвимости

GHSA-jwrv-4xvm-wq5g

CVSS3: 6.1

github

10 месяцев назад

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his own server for the client to send HTTP requests, provided he succeeds in exploiting it.

EPSS

Процентиль: 38%

0.00167

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-74