CVE-2018-25016

CRITICAL

Greenbone Security Assistant < 7.0.3 and Greenbone OS < 5.0.0 - Host Header Injection

Title source: llm
STIX 2.1

Description

Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/greenbone/gsa/pull/318
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/greenbone/gsa/releases/tag/v7.0.3

Scores

CVSS v3 9.8
EPSS 0.0128
EPSS Percentile 66.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (2)
greenbone/greenbone_os < 5.0.0
greenbone/greenbone_security_assistant < 7.0.3
Published Jun 21, 2021
Tracked Since Feb 18, 2026