IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2021-08-17T13:55:12.216858Z

Updated: 2024-09-16T20:43:10.370Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4706

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-17T14:15:07.323

Modified: 2024-11-21T05:33:09.480

Link: CVE-2020-4706

cve-icon Redhat

No data.