MrR3boot created OFBIZ-12043:
--------------------------------
Summary: Host Header Injection still present on present release
Key: OFBIZ-12043
URL: https://issues.apache.org/jira/browse/OFBIZ-12043
Project: OFBiz
Issue Type: Bug
Affects Versions: 17.12.04
Reporter: MrR3boot
It look like CVE-2019-12425 is not properly fixed in the 17.12.0.4 release. I
can login to the application by changing host header to 127.0.0.1 and can
access other applications.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
