Share this post:

HTTP Host header value is use to generate links, import scripts and generate password resets. The value can be controlled by attacker and be exploited using web-cache poisoning and alternative channels. In Log Analysis, host header injection can be exploited to run scripts in the context of the application by remote file inclusion in particular pre-login scenario.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Log Analysis 1.3.1
Log Analysis 1.3.2
Log Analysis 1.3.3
Log Analysis 1.3.4
Log Analysis 1.3.5
Log Analysis 1.3.6

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6242210





Source link

Write a comment:
*

Your email address will not be published.