Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw in the handling of requests that carry more than one Content-Length header. By sending a specially crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
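The ambiguity described above can be checked for at a proxy or during log review. The following added example (not code from Jetty or from the IBM bulletin) classifies a raw request head by its Content-Length fields, following the RFC 7230 rule that differing values make the message framing invalid. The function names and sample requests are constructed for illustration.

```python
# Added example: classify a request head by its Content-Length fields.
# All sample requests are constructed for illustration.

def content_length_values(raw_head: bytes) -> list:
    """Return every Content-Length value found in a raw request head, in order."""
    header_lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # drop request line
    values = []
    for line in header_lines:
        name, sep, value = line.partition(b":")
        # Stripping the name is deliberately lenient: "Content-Length :" is
        # still counted, so a sloppy downstream parser cannot see more than we do.
        if sep and name.strip().lower() == b"content-length":
            # One field may itself carry a comma-separated list of values.
            values += [v.strip().decode("latin-1") for v in value.split(b",")]
    return values


def classify(raw_head: bytes) -> str:
    """Return 'ok', 'duplicate' (repeated, identical), 'conflict' or 'invalid'."""
    values = content_length_values(raw_head)
    if any(not (v.isascii() and v.isdigit()) for v in values):
        return "invalid"
    if len(values) <= 1:
        return "ok"
    return "duplicate" if len(set(values)) == 1 else "conflict"


def head(*fields: str) -> bytes:
    """Build a constructed request head with the given header fields."""
    return "\r\n".join(("POST /upload HTTP/1.1", "Host: app.example", *fields, "", "")).encode()


SAMPLES = {
    "single": head("Content-Length: 5"),
    "repeated": head("Content-Length: 5", "Content-Length: 5"),
    "differing": head("Content-Length: 5", "content-length: 11"),
    "list": head("Content-Length: 5, 11"),
    "non-digit": head("Content-Length: +5"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} {classify(raw)}")
```

A front end that rejects everything except `ok` (or normalizes `duplicate` to a single field before forwarding) removes the disagreement between components that request smuggling depends on.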
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
eDiscovery Analyzer | 2.2.2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6202751
The post Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/35eTaxW