Host Header Injection Vulnerability in Nagios XI by Nagios
CVE-2024-14006
What is CVE-2024-14006?
Nagios XI versions prior to 2024R1.2.2 are susceptible to a host header injection flaw. This vulnerability occurs because the application does not validate the user-supplied HTTP Host header thoroughly when generating absolute URLs. An unauthenticated attacker can exploit this weakness by sending a specially crafted Host header. Successful exploitation can lead to various attacks, including the potential for phishing, hijacking account recovery links, and web cache poisoning. It is crucial for users to apply the necessary security updates to ensure their systems are protected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
XI 0
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved
