auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged localhost string in the HTTP Host header.
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Caldera | Mitre | * | 2.6.5 (excluding) |
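
The weakness described above, as an added example that is not Caldera's code: a hypothetical sketch of a "requests from localhost skip authentication" rule, first keyed on the client-supplied Host header and then on the socket peer address. The `Request` class, the `X-Api-Key` header name, the key value and the sample requests are all assumptions constructed for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field

API_KEY = "constructed-example-key"  # placeholder, not a real credential


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (hypothetical, for illustration)."""
    peer_ip: str                                 # TCP peer address, set by the server
    headers: dict = field(default_factory=dict)  # fully client-controlled


def local_by_host_header(req: Request) -> bool:
    """Weak check: the Host header is whatever the client chose to send."""
    host = req.headers.get("Host", "")
    return host.split(":")[0].lower() == "localhost"


def local_by_peer(req: Request) -> bool:
    """Hardened check: use the socket peer address, which the client cannot set."""
    try:
        return ipaddress.ip_address(req.peer_ip).is_loopback
    except ValueError:
        return False  # unparseable address is never treated as local


def has_valid_key(req: Request) -> bool:
    supplied = req.headers.get("X-Api-Key", "")  # header name is an assumption
    return hmac.compare_digest(supplied.encode(), API_KEY.encode())


def authorize(req: Request, is_local) -> bool:
    """Allow the API call if it is judged local or carries a valid key."""
    return is_local(req) or has_valid_key(req)


# Constructed sample requests (203.0.113.0/24 is a documentation range).
SPOOFED = Request("203.0.113.7", {"Host": "localhost:8888"})
LOOPBACK = Request("127.0.0.1", {"Host": "localhost:8888"})
KEYED = Request("203.0.113.7", {"Host": "caldera.example", "X-Api-Key": API_KEY})

if __name__ == "__main__":
    for name, req in [("spoofed", SPOOFED), ("loopback", LOOPBACK), ("keyed", KEYED)]:
        print(name, authorize(req, local_by_host_header), authorize(req, local_by_peer))
```

If the service sits behind a reverse proxy on the same host, the peer address is the proxy's, so a loopback exemption has to be dropped or tied to a forwarded address that only the trusted proxy can set.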