Jun 30, 2020 8:02 pm EDT
Categorized: Medium Severity
The HTTP Host header value is used to generate links, import scripts and generate password resets. The value can be controlled by an attacker and exploited using web-cache poisoning and alternative channels. In Log Analysis, host header injection can be exploited to run scripts in the context of the application by remote file inclusion in a particular pre-login scenario.
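The pattern described above, shown as an added Python example that is not taken from the IBM bulletin or from Log Analysis code: a link builder that trusts the request's Host header next to one that validates it against an allowlist and builds links from a configured origin. The hostnames, port, `/reset` path and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: names this deployment is legitimately served under (constructed values).
ALLOWED_HOSTS = {"logs.example.internal", "logs.example.internal:8443"}
# Assumption: the one origin that generated links should ever point to.
CANONICAL_ORIGIN = "https://logs.example.internal:8443"


def reset_link_unsafe(headers, token):
    """Weak pattern: the origin of the link is taken from the request itself."""
    return f"https://{headers.get('Host', '')}/reset?token={token}"


def validated_host(headers):
    """Return the normalised Host value if it is allowlisted, otherwise None."""
    raw = headers.get("Host", "")
    # A Host value is host[:port] only; reject userinfo, paths, lists, whitespace.
    if not raw or any(c in raw for c in "/\\@?#, \t\r\n"):
        return None
    try:
        parts = urlsplit("//" + raw)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return None
    if not host:
        return None
    # Case-insensitive match; a trailing dot names the same host.
    normalised = host.lower().rstrip(".") + (f":{port}" if port else "")
    return normalised if normalised in ALLOWED_HOSTS else None


def reset_link_safe(headers, token):
    """Hardened pattern: refuse unknown hosts, never echo the header into the link."""
    if validated_host(headers) is None:
        raise ValueError("unrecognised Host header")
    return f"{CANONICAL_ORIGIN}/reset?token={token}"
```

Rejecting unknown Host values before any response is produced also keeps a shared cache from storing a page whose links or script imports were built from a header the client supplied.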
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| Log Analysis | 1.3.1 |
| Log Analysis | 1.3.2 |
| Log Analysis | 1.3.3 |
| Log Analysis | 1.3.4 |
| Log Analysis | 1.3.5 |
| Log Analysis | 1.3.6 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6242210
from IBM Product Security Incident Response Team https://ift.tt/2Agrwp4