Description
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header, which lets them control the execution flow of the HTTP 302 status response.
References (1)
Core References
http://packetstormsecurity.com/files/158965/SecZetta-NEProfile-3.3.11-Host-Header-Injection.html (Third Party Advisory, VDB Entry; x_refsource_misc)
Scores
CVSS v3: 8.8
EPSS: 0.0223
EPSS Percentile: 80.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-74
Status: published
Products (1): seczetta/neprofile 3.3.11
Published: Aug 26, 2020
Tracked Since: Feb 18, 2026