[jira] [Closed] (OFBIZ-12043) Host Header Injection still present on present release

MrR3boot (Jira) Thu, 22 Oct 2020 04:10:50 -0700


     [ 
https://issues.apache.org/jira/browse/OFBIZ-12043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


MrR3boot closed OFBIZ-12043.
----------------------------
    Resolution: Invalid

ah nvm!

> Host Header Injection still present on present release
> ------------------------------------------------------
>
>                 Key: OFBIZ-12043
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12043
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: 17.12.04
>            Reporter: MrR3boot
>            Priority: Major
>              Labels: security
>
> It look like CVE-2019-12425 is not properly fixed in the 17.12.0.4 release. I 
> can login to the application by changing host header to 127.0.0.1 and can 
> access other applications. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Closed] (OFBIZ-12043) Host Header Injection still present on present release

Reply via email to