Vulnerability Information
Vulnerability Title
Improper Neutralization of Special Elements vulnerability in EJBCA
Vulnerability Description
The vulnerability exists in the EJBCA service, version 8.0 Enterprise; higher versions were not tested. By modifying the ‘Host’ header of an HTTP request, it is possible to manipulate the links the service generates and thus redirect the client to a different base URL. An attacker who exploits this successfully could cause the client to send its HTTP requests to a server the attacker controls.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of special elements in output (Injection)
Vulnerability Title
EJBCA injection vulnerability
Vulnerability Description
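EJBCA is open-source public key infrastructure (PKI) and certificate authority (CA) software from Keyfactor. EJBCA version 8.0 contains an injection vulnerability, which arises because modifying the Host header can lead to a redirection attack.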
CVSS Information
N/A
Vulnerability Type
N/A