Goahead web server update4/11/2023 PS: Affected on most of embedded webservers on hardware such as switches, routers, IOT and IP cameras. This means affected hosts can be used by attackers to hide behind during various other attack The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. # Reference : Vulnerability: Host Header InjectionĪ Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.Īn issue was discovered in GoAhead web server version 2.5.0 (may be affected on other versions too). # Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers. # Exploit Title: GoAhead Web server HTTP Header Injection.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |