LONDON, Oct. 15, 2021 /PRNewswire-PRWeb/ — RedHunt Labs, using its Internet-Scale ASM solution NVADR, continuously discovers a wide variety of exposed/untracked assets and monitors the organization’s external Attack Surface (also known as “Hacker’s View of the organization”) including Shadow IT. While working with organizations of various sizes and exposure, it sometimes discovers security risks previously unknown to the software vendor/developer, called zero-day vulnerabilities.
During one such assessment for a customer, NVADR discovered a zero-day vulnerability in Nexus Repository 3 OSS, a popular repository manager. The discovered vulnerability i.e. HTTP Host header injection was identified based on the signatures embedded in the scanning engine of the platform.
HTTP Host header injection vulnerabilities arise when an application accepts the ‘Host’ header value without adequate validation / escaping and is processed by the server. Depending upon the server configuration/data processing, this could lead to security issues, such as password reset poisoning, web cache poisoning, SSRF via flawed request parsing, Host header authentication bypass etc.
It was identified that Nexus Repository 3 OSS application accepted user-supplied ‘Host’ header value to generate URLs (in application body). The CVSS v3.1 Base Score assigned to the vulnerability by NIST was 8.2 (HIGH).
Once the vulnerability was identified by the platform, it was responsibly disclosed to the Sonatype security team. A detailed advisory was later published on the Sonatype support website along with the information of the affected versions. The CVE id allocated to the vulnerability is CVE-2021-40143.
A quick check on our internet scan data set revealed that hundreds of hosts are currently exposed on the internet, which could be affected by this vulnerability. If you are using Nexus Repository 3, it is recommended to update it to the latest secure version and continuously track for resurfacing of such assets.
Similar to Nexus Repository, NVADR detects a wide variety of exposed assets, as well as related security issues and help organizations in discovering security risks before attackers do. Our customers get a holistic view of their “modern” exposure on the internet along with the context in terms of technology, services, tags and more intelligence. This helps them track down their ‘unknown unknowns’ and take proactive steps to reduce their attack surface quickly. If you would like to see the platform in action, schedule a demo with our team.
About RedHunt Labs:
RedHunt Labs is a modern-age cybersecurity company that specialises in Attack Surface Management (ASM) and security consulting services. With its proprietary SaaS platform – NVADR, RedHunt Labs discovers a wide variety of untracked and exposed assets that helps SMEs and large enterprises strengthen their external cybersecurity posture and avoid security risks continuously.
For more information, visit us at https://redhuntlabs.com/
Follow us on social media: LinkedIn and Twitter.
Media Contact
Sudhanshu Chauhan, RedHunt Labs, 91 9971658929, [email protected]
SOURCE RedHunt Labs
