Lucene search

MitreCVE-2021-38751

HistoryAug 16, 2021 - 2:15 p.m.

CVE-2021-38751

2021-08-1614:15:07

CWE-116

mitre

web.nvd.nist.gov

cve-2021-38751

http host header attack

exponentcms

security vulnerability

mitm

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.002

Percentile

54.1%

JSON

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.

Affected configurations

Nvd

Node

exponentcmsexponentcmsRange<2.6

VendorProductVersionCPE
exponentcmsexponentcms*cpe:2.3:a:exponentcms:exponentcms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
exponentcms	exponentcms	*	cpe:2.3:a:exponentcms:exponentcms::::::::

References

github.com/exponentcms/exponent-cms/issues/1544

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.002

Percentile

54.1%

JSON

Related for CVE-2021-38751