Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Aspera Faspex HTTP header injection
Vulnerability Description
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对HTTP头部进行脚本语法转义处理不恰当
Vulnerability Title
IBM Aspera 安全漏洞
Vulnerability Description
IBM Aspera是美国国际商业机器(IBM)公司的一套基于IBM FASP协议构建的快速文件传输和流解决方案。 IBM Aspera Faspex 5.0.0 和 5.0.1版本存在安全漏洞,该漏洞源于HOST 标头输入验证不正确,允许攻击者对易受攻击的系统进行各种攻击,包括跨站脚本、缓存中毒或会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A