Platform: java
Component: pentaho-business-analytics-server
Fixed in: 10.2.0.0, 9.3.0.9
CVE-2024-37359 describes a Host Header Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server. This flaw allows attackers to manipulate the Host header in HTTP/HTTPS requests, potentially bypassing security controls like firewalls. The vulnerability impacts versions 1.0 through 9.3.0.8, and a fix is available in version 9.3.0.9.
An attacker can exploit this vulnerability by crafting malicious HTTP/HTTPS requests with manipulated Host headers. This allows them to trick the server into believing the request originates from a trusted source, effectively bypassing access controls and potentially gaining unauthorized access to sensitive data or functionality. The attacker could redirect requests to unintended destinations, potentially exfiltrating data or launching further attacks. This bypass could allow attackers to access internal resources normally protected by network segmentation or firewalls, significantly expanding the blast radius of a successful attack.
This vulnerability was publicly disclosed on 2025-02-19. There are currently no known public exploits or active campaigns targeting this specific vulnerability, but the ease of exploitation and potential impact warrant careful attention. The vulnerability's nature, allowing Host header manipulation, shares similarities with other bypass techniques and could be incorporated into broader attack strategies. It is not currently listed on the CISA KEV catalog.
Organizations using Pentaho Business Analytics Server in environments with strict network segmentation or firewalls are particularly at risk. Legacy configurations that rely heavily on Host header validation for access control are also vulnerable. Shared hosting environments where multiple tenants share the same server infrastructure should be carefully assessed.
• linux / server: Use tcpdump or Wireshark to monitor HTTP/HTTPS traffic and identify requests with unusual or unexpected Host headers. Examine access logs for patterns indicating Host header manipulation attempts. Note that tcpdump's BPF capture filter cannot match on HTTP header contents, so capture with -A and filter the decoded payload; this only works for plaintext HTTP, TLS traffic must be inspected at the terminating proxy (in Wireshark, the display filter http.host contains "malicious.example.com" does the same job).
tcpdump -i any -A 'tcp port 80' | grep -i 'Host: malicious.example.com'
• generic web: Use curl to test endpoint exposure with different Host headers. Check response headers for unexpected behavior.
curl -H "Host: malicious.example.com" https://your-pentaho-server/your-endpoint
EPSS: 0.03% (10th percentile)
The primary mitigation for CVE-2024-37359 is to upgrade Pentaho Business Analytics Server to version 9.3.0.9 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter incoming requests and validate the Host header. Configure the WAF to reject requests with unexpected or malicious Host headers. Additionally, review and strengthen network segmentation to limit the potential impact of a successful exploitation. Carefully examine the server's configuration to ensure that it is not inadvertently allowing requests from untrusted sources.
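The Host header allowlist check a WAF or reverse proxy should apply in front of the server, plus a scan of access-log lines for Host values outside the allowlist, as an added example (not Pentaho or Hitachi Vantara code); the allowed hostnames and the log format with a trailing quoted Host field are assumptions.

```python
import re

# Hostnames this deployment is legitimately served under (constructed values).
ALLOWED_HOSTS = {"pentaho.example.internal", "bi.example.com"}

# host[:port]; anything else (spaces, commas, userinfo, bracketed IPv6) is rejected.
_HOST_RE = re.compile(r"^(?P<name>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$")


def normalize_host(header_value):
    """Return the host part of a Host header, lower-cased, without port or
    trailing dot, or None if the value is syntactically invalid."""
    m = _HOST_RE.fullmatch(header_value.strip())
    if not m:
        return None
    port = m.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    return m.group("name").lower().rstrip(".")


def host_allowed(header_value, allowed=ALLOWED_HOSTS):
    """Allowlist check: exact match after normalization, never substring."""
    host = normalize_host(header_value)
    return host is not None and host in allowed


# Constructed access-log lines; the last quoted field is the request's Host header.
LOG_LINES = [
    '10.0.0.5 - - [19/Feb/2025:10:00:01 +0000] "GET /pentaho/Home HTTP/1.1" 200 512 "bi.example.com"',
    '10.0.0.7 - - [19/Feb/2025:10:00:02 +0000] "GET /pentaho/api/ HTTP/1.1" 200 77 "malicious.example.com"',
    '10.0.0.9 - - [19/Feb/2025:10:00:03 +0000] "GET /pentaho/Login HTTP/1.1" 302 0 "BI.EXAMPLE.COM:443"',
    '10.0.0.9 - - [19/Feb/2025:10:00:04 +0000] "GET /pentaho/Login HTTP/1.1" 302 0 "bi.example.com evil"',
]

_LOG_RE = re.compile(r'^(?P<ip>\S+) .* "(?P<host>[^"]*)"$')


def suspicious_hosts(lines, allowed=ALLOWED_HOSTS):
    """Return (client_ip, raw_host) for every line whose Host is not allowlisted."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and not host_allowed(m.group("host"), allowed):
            hits.append((m.group("ip"), m.group("host")))
    return hits


if __name__ == "__main__":
    for ip, host in suspicious_hosts(LOG_LINES):
        print(f"unexpected Host from {ip}: {host!r}")
```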
Update Hitachi Vantara Pentaho Business Analytics Server to version 10.2.0.0 or 9.3.0.9 or a later version. This fixes the Server-Side Request Forgery (SSRF) vulnerability by correctly validating the Host header of incoming HTTP/HTTPS requests.
CVE-2024-37359 is a HIGH-severity vulnerability that allows attackers to manipulate the Host header, potentially bypassing access controls in Pentaho Business Analytics Server versions 1.0 through 9.3.0.8.
If you are running Pentaho Business Analytics Server versions 1.0 through 9.3.0.8, you are potentially affected by this vulnerability. Upgrade to 9.3.0.9 or later to mitigate the risk.
The recommended fix is to upgrade to Pentaho Business Analytics Server version 9.3.0.9 or later. As a temporary workaround, implement a WAF to filter malicious Host header requests.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the Hitachi Vantara security advisory for detailed information and updates regarding CVE-2024-37359.