OTPulse

Host Header Injection Vulnerability in Polarion ALM

Monitor · 5.4 · SSA-792594 · Dec 13, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Polarion ALM versions prior to 2304.0 contain a misconfiguration in the default Apache HTTP Server configuration that allows host header injection attacks. An attacker can craft requests with malicious Host headers that the application trusts and reflects in responses, potentially enabling phishing, credential theft, or malware distribution to users.

What this means
What could happen
An attacker could perform host header injection attacks to cause the application to respond with malicious content or redirect users to attacker-controlled sites, potentially enabling credential theft or malware distribution.
Who's at risk
Organizations using Polarion ALM for application lifecycle management or collaborative development should prioritize this update. Polarion is commonly used by engineering teams in the utilities, automotive, aerospace, and manufacturing sectors that depend on it for requirements and configuration management.
How it could be exploited
An attacker crafts a request with a malicious Host header to the Polarion ALM web interface. Since the misconfigured Apache server does not properly validate the Host header, the application trusts and reflects this header in responses, allowing the attacker to inject arbitrary content or redirect users.
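As an added example (not from the advisory or the vendor) of the Apache hardening that stops a front-end web server from honouring an arbitrary Host header: the first virtual host on the listener is a catch-all that answers unknown hostnames with 421, and the real Polarion host pins its canonical name and builds self-referential URLs from it. The hostname polarion.example.com, the certificate paths and the port are assumptions; the advisory does not state which directive the vendor corrected in 2304.0.

```apache
# Hardened Apache front end for Polarion ALM (added example; hostname,
# certificate paths and port are assumed, not taken from the advisory).
ServerName polarion.example.com

# Build self-referential URLs (for example trailing-slash redirects) from
# ServerName instead of the client-supplied Host header. Apache defaults to Off,
# which is what lets a forged Host value be reflected back to the user.
UseCanonicalName On

# Apache serves a request whose Host header matches no ServerName/ServerAlias
# from the FIRST virtual host on that address:port. Make that first vhost a
# catch-all that refuses every unknown hostname with 421 Misdirected Request.
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/polarion.pem
    SSLCertificateKeyFile /etc/ssl/private/polarion.key
    RewriteEngine On
    # A non-3xx status in the R flag drops the substitution and ends rewriting.
    RewriteRule ^ - [R=421,L]
</VirtualHost>

# The real Polarion vhost now only receives requests whose Host matched.
<VirtualHost *:443>
    ServerName polarion.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/polarion.pem
    SSLCertificateKeyFile /etc/ssl/private/polarion.key

    # Defence in depth: an HTTP/1.1 Host header may carry ":443"; anything
    # else that is not the canonical name is refused rather than reflected.
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^polarion\.example\.com(:443)?$ [NC]
    RewriteRule ^ - [R=421,L]

    # Polarion-specific proxy/AJP directives go here unchanged.
</VirtualHost>

# Repeat the same catch-all pattern for the port-80 listener if it is enabled.
```

Verify the change by requesting the site with a Host header that is not the canonical name and confirming a 421 response with no reflected hostname in the body or Location header.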
Prerequisites
  • Network access to the Polarion ALM web interface (HTTP/HTTPS port)
  • User interaction required (victim must click a malicious link)
remotely exploitable · low complexity · requires user interaction · low EPSS score
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product | Affected Versions | Fix Status
Polarion ALM | < V2304.0 | 2304.0
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Polarion ALM to version 2304.0 or later