CVE-2019-12425

CWE-744 documents4 sources
Severity
7.5HIGH
EPSS
2.2%
top 15.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Apache OfbizApache Ofbiz
Timeline
PublishedApr 30
Latest updateMay 24

Description

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/ofbiz17.12.01
CVEListV5apache/apache_ofbiz17.12.01

🔴Vulnerability Details

2
GHSA
GHSA-33xj-83vp-6r44: Apache OFBiz 172022-05-24
CVEList
CVE-2019-12425: Apache OFBiz 172020-04-30

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2019-12425