IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2019-09-05T14:50:15.588572Z

Updated: 2024-09-16T16:43:20.348Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4186

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-05T15:15:12.970

Modified: 2024-11-21T04:43:17.840

Link: CVE-2019-4186

cve-icon Redhat

No data.