CVE-2024-30129

Summary

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareNomad server on Domino<1.0.14affected

Weaknesses

  • CWE-644: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References