First published: Sat Mar 21 2020
lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Lix Project Lix | <=15.8.7 | |
CVE-2020-10800 is a vulnerability in Lix through version 15.8.7 that allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream.
CVE-2020-10800 works by manipulating the Location header in the HTTP client-server data stream to associate it with attacker-controlled executable content.
The severity of CVE-2020-10800 is rated as high with a CVSS score of 8.1.
Versions up to and including 15.8.7 of Lix are affected by CVE-2020-10800.
To fix CVE-2020-10800, it is recommended to update to a version of Lix that is not affected by the vulnerability.