Описание
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0.0 (включая) до 5.0.15 (исключая)
Одновременно
cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.0001
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-644
Связанные уязвимости
CVSS3: 5.4
github
около 2 месяцев назад
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
EPSS
Процентиль: 1%
0.0001
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-644