HTTP Host Header Attack in ExponentCMS by Exponent
CVE-2021-38751
4.3 MEDIUM
What is CVE-2021-38751?
An HTTP Host header attack has been identified in ExponentCMS versions 2.6 and below. This vulnerability allows an attacker to manipulate the HTTP Host header, resulting in the ability to change links on a web page to arbitrary values. Such modifications could open the door to man-in-the-middle (MITM) attacks, posing significant security risks to users. Web administrators are advised to implement security measures to mitigate this risk and ensure their installations are up to date.
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
