[ https://issues.apache.org/jira/browse/OFBIZ-12043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
MrR3boot closed OFBIZ-12043. ---------------------------- Resolution: Invalid ah nvm! > Host Header Injection still present on present release > ------------------------------------------------------ > > Key: OFBIZ-12043 > URL: https://issues.apache.org/jira/browse/OFBIZ-12043 > Project: OFBiz > Issue Type: Bug > Affects Versions: 17.12.04 > Reporter: MrR3boot > Priority: Major > Labels: security > > It look like CVE-2019-12425 is not properly fixed in the 17.12.0.4 release. I > can login to the application by changing host header to 127.0.0.1 and can > access other applications. -- This message was sent by Atlassian Jira (v8.3.4#803005)