CVE-2019-12425 — HIGH (7.5)

Vulnerability Description

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Ofbiz	17.12.01

Related Weaknesses (CWE)

CWE-74

References

https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa
https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c1
https://lists.apache.org/thread.html/r5181b36218225447d3ce70891eeccfb6d6885309df
https://lists.apache.org/thread.html/r907ce90745b52d2d5b6a815de03fd1d5f3831ab579
https://s.apache.org/7sr1xMailing ListVendor Advisory
https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa
https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c1
https://lists.apache.org/thread.html/r5181b36218225447d3ce70891eeccfb6d6885309df
https://lists.apache.org/thread.html/r907ce90745b52d2d5b6a815de03fd1d5f3831ab579
https://s.apache.org/7sr1xMailing ListVendor Advisory

FAQ

What is CVE-2019-12425?

CVE-2019-12425 is a vulnerability with a CVSS score of 7.5 (HIGH). Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

How severe is CVE-2019-12425?

CVE-2019-12425 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12425?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Ofbiz.