CVE-2018-1943

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:cloud_private:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_private:3.1.1:*:*:*:*:*:*:*

Information

Published : 2019-04-08 08:29

Updated : 2019-10-09 16:39


NVD link : CVE-2018-1943

Mitre link : CVE-2018-1943


JSON object : View

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Advertisement

dedicated server usa

Products Affected

ibm

  • cloud_private