| Titel | BootDo web V1.0 Host header injection |
|---|
| Beschreibung | I found a "host header injection" vulnerability in the AccessControlFilter.java file.
The AccessControlFilter.java file is located in the shrio permission validation component of the project.
He used a method called redirectToLogin that invoked the WebUtils.issueRedirect vulnerability, which set the hostname of the request to the host by default |
|---|
| Quelle | ⚠️ https://github.com/webzzaa/CVE-/issues/5 |
|---|
| Benutzer | Tom132432 (UID 85670) |
|---|
| Einreichung | 11.01.2026 10:35 (vor 6 Monaten) |
|---|
| Moderieren | 24.01.2026 20:20 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 342794 [lcg0124 BootDo bis 5ccd963c74058036b466e038cff37de4056c1600 Host Header AccessControlFilter.java redirectToLogin Hostname Redirect] |
|---|
| Punkte | 18 |
|---|