First published: Tue Nov 26 2019
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Sitefinity | >=9.1, <9.1.6185 | |
Progress Sitefinity | >=9.2, <9.2.6276 | |
Progress Sitefinity | >=10.0, <10.0.6431 | |
Progress Sitefinity | >=10.1, <10.1.6542 | |
Progress Sitefinity | >=10.2, <=10.2.6651 | |
Progress Sitefinity | >=11.0, <=11.0.6739 | |
Progress Sitefinity | >=11.1, <=11.1.6828 | |
Progress Sitefinity | >=11.2, <=11.2.6934 | |
Progress Sitefinity | >=12.0, <=12.0.7032 | |
Progress Sitefinity | >=12.1, <=12.1.7128 | |
CVE-2019-17392 is a vulnerability in Progress Sitefinity 12.1: the password recovery mechanism for a forgotten password is weak because the HTTP Host header is mishandled.
CVE-2019-17392 has a severity rating of 9.8, which is considered critical.
CVE-2019-17392 affects versions 9.1.6185 to 12.1.7128 of Progress Sitefinity.
To fix CVE-2019-17392, it is recommended to update Progress Sitefinity to a version that has addressed the vulnerability.
You can find more information about CVE-2019-17392 at the following link: [Security Advisory for Resolving Security vulnerabilities - November 2019](https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019).