2020-03-22 15:50:57
mitre
PUBLISHED
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.