CVE-2021-41114
TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. The regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was not evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...
CVE-2021-41114 HTTP Host Header Injection in Request Handling in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-015...
PT-2021-23098 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to the fix of the regression introduced during TYPO3 v11 development
Description: The issue is related to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses this header to generate absolute URLs,...
GHSA-7774-7VR3-CC8J Authorization Policy Bypass Due to Case Insensitive Host Comparison
Impact According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The Envoy proxy will route the request hostname in a case-insensitive way which means the authorization policy...
Improper Handling of Case Sensitivity
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Privilege Escalation
Istio is vulnerable to privilege escalation. The vulnerability exists because the hostname in the HTTP Host header is compared case insensitively during authorization...
CVE-2021-39155
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
CVE-2021-39155 Authorization Policy Bypass Due to Case Insensitive Host Comparison
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Authorization Bypass
haproxy is vulnerable to authorization bypass. Lack of validation of the HTTP Host header could potentially result in bypass of access controls due to a mishandling of the Host and authority...
CVE-2021-39242
haproxy was found to be vulnerable to HTTP host header attack: This problem creates a scenario in which it's possible to drop the Host header and use the authority only after forwarding to a second http2 layer, possibly causing two differing values of Host at a different stage. The highest threat...
CVE-2021-39242
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled...
Design/Logic Flaw
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled...
CVE-2021-39242
HAProxy contains a vulnerability (CVE-2021-39242) affecting 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3 where mismatch between Host and authority can allow an attacker-controlled HTTP Host header. Reports indicate this could enable manipulation of requests and potential impac...
CVE-2021-38751
An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...
Hardcoded credentials
An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...