IBM Connections CVE-2018-1896 Host Header Injection Vulnerability

Bugtraq ID:	106197
Class:	Input Validation Error
CVE:	CVE-2018-1896
Remote:	Yes
Local:	No
Published:	Dec 05 2018 12:00AM
Updated:	Dec 05 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	IBM Connections 6.0 CR3 IBM Connections 6.0 CR2 IBM Connections 6.0 IBM Connections 5.5 CR3 IBM Connections 5.5 CR2 IBM Connections 5.5 CR1 IBM Connections 5.5 IBM Connections 5.0 CR4 IBM Connections 5.0 CR3 IBM Connections 5.0 CR1 IBM Connections 5.0
Not Vulnerable:

IBM Connections CVE-2018-1896 Host Header Injection Vulnerability

IBM Connections is prone to an host header-injection vulnerability because it fails to properly validate an HTTP request header.

A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain.

IBM Connections CVE-2018-1896 Host Header Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM Connections CVE-2018-1896 Host Header Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Connections CVE-2018-1896 Host Header Injection Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896) (IBM)