How severe is CVE-2021-21265?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-21265?

This is classified as CWE-644, which is a common weakness in software security.

CVE-2021-21265 - HIGH Severity | CVSS 7.5

Vulnerability Description

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting cms.linkPolicy to force.

Related Vulnerabilities

CVE-2024-1064

HIGH

CVSS:7.5(High)

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host he...

CWE-6442024

CVE-2023-36921

HIGH

CVSS:7.2(High)

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On ...

CWE-6442023

CVE-2022-22399

MEDIUM

CVSS:6.5(Medium)

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against th...

CWE-6442022

CVE-2017-6031

HIGH

CVSS:8.8(High)

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may all...

CWE-6442017

CVE-2020-6982

HIGH

CVSS:8.8(High)

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.

CWE-6442020

CVE-2023-32465

HIGH

CVSS:8.8(High)

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery...

CWE-6442023