[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] NEProfile - Host Header Injection

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] NEProfile - Host Header Injection
From: <ghost@xxxxxxxxxxxxxx>
Date: Fri, 21 Aug 2020 10:30:47 -0700

 Exploit Title: NEProfile - Host Header Injection
Date: 5/13/2020
Vendor Homepage: https://seczetta.com
Software Link: https://seczetta.com/product/ne-profile
Version: 3.3.11
Tested on: 3.3.11
Exploit Author: Josh Sheppard & Bryan Clements 
Exploit Contact: ghost () a t undervurse dot_com & mavr1ck2020 a t protonmail 
dot_com
Exploit Technique: Remote
CVE ID: CVE-2020-12855

1. Description

A host header injection vulnerability has been discovered in SecZetta's 
NEProfile product. Authenticated remote adversaries can poison the host header 
resulting in the attacker controlling response 302 execution flow.

The issue affects version 3.3.11 and has not been tested on other versions of 
the product.

2. Disclosure Timeline

5/4/20 - Discovery and Exploitation
5/12/20 - Vendor Notified
7/18/20 - Patch / Hotfix Created

3. Mitigation

Apply hotfix provided by vendor

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Google Chromecast Auth Bypass/RCE
Next by Date: [FD] A Tale of Escaping a Hardened Docker container
Previous by thread: [FD] Google Chromecast Auth Bypass/RCE
Next by thread: [FD] A Tale of Escaping a Hardened Docker container
Index(es):
- Date
- Thread