CVE-2023-47143
CRITICALDescription
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.
Is your site exposed to CVE-2023-47143?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | tivoli_application_dependency_discovery_manager |
References
Frequently Asked Questions
What is CVE-2023-47143? +
How severe is CVE-2023-47143? +
What products are affected by CVE-2023-47143? +
How do I check if I'm vulnerable to CVE-2023-47143? +
Related Vulnerabilities
Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially …
Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior …
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into …
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass …
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which …
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger …