CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*

History

24 Sep 2024, 19:08

Type Values Removed Values Added
First Time Couchbase couchbase Server
Couchbase
CPE cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*
References () https://docs.couchbase.com/server/current/release-notes/relnotes.html - () https://docs.couchbase.com/server/current/release-notes/relnotes.html - Release Notes
References () https://forums.couchbase.com/tags/security - () https://forums.couchbase.com/tags/security - Issue Tracking
References () https://www.couchbase.com/alerts/ - () https://www.couchbase.com/alerts/ - Vendor Advisory
CWE CWE-74
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Couchbase Server 7.6.x anterior a 7.6.2, 7.2.x anterior a 7.2.6 y todas las versiones anteriores permiten la inyección de encabezado de host HTTP.

19 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-19 19:15

Updated : 2024-09-24 19:08


NVD link : CVE-2024-25673

Mitre link : CVE-2024-25673

CVE.ORG link : CVE-2024-25673


JSON object : View

Products Affected

couchbase

  • couchbase_server
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')