Vulnerability Information
Vulnerability Title
API Security bypass through header manipulation
Vulnerability Description
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Authentication Bypass by Spoofing
Vulnerability Title
Xerox Workplace Suite Authorization Issue Vulnerability
Vulnerability Description
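Xerox Workplace Suite is a powerful print management software product from Xerox. Xerox Workplace Suite version 5.6.701.9 contains an authorization issue vulnerability, which stems from API Security being bypassed by modifying headers.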
CVSS Information
N/A
Vulnerability Type
N/A