Publish Date: March 4, 2021
Summary
A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to an arbitrary website, where the arbitrary site could be setup with poisoned aHost header.
The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack. As a result, targeted Desktop installations could be used for domain fronting, meaning the installations could be used by attackers to hide behind, in order to perform various other attacks.
Who’s Affected?
At this time, we do not believe anyone was affected by this vulnerability.
Details
We recommend taking the below steps to secure your installation(s) of Spiceworks Desktop app.
Add the below new configuration to your...