PT-2023-2201 · Eclipse · Eclipse Birt

Louis Wolfers · Published 2023-03-15 · Updated 2025-02-27 · CVE-2023-0100

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 2.6.2 through 4.12

Description: The vulnerability stems from insufficient input validation when the Host header is processed together with the report parameter. A remote attacker could use it to gain unauthorized access to protected information or to execute arbitrary code. Exploitation relies on tampering with the Host header in certain configurations, such as when no virtual hosts are configured or when the default host points to the BIRT server.

Recommendations: For Eclipse BIRT versions 2.6.2 through 4.12, update to Eclipse BIRT 4.13 to resolve the issue. As a temporary workaround, consider restricting access to the report parameter to minimize the risk of exploitation.
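The precondition the description names is a Host header that is never checked because the BIRT server answers the default (catch-all) virtual host. As an added illustration (not code from Eclipse BIRT or from this advisory), the following Python enforces a Host allowlist at a reverse-proxy or WAF layer and flags logged requests that would otherwise have been served on the catch-all; the hostnames, request paths and log lines are constructed samples, and the log format is an assumed nginx combined format with the Host header appended as the last quoted field.

```python
"""Host-header allowlist check and log review for a report server
published behind a reverse proxy. Hostnames and log lines are
constructed samples, not data from the advisory."""
import re
from typing import Iterable, Iterator, Optional, Tuple

# Hostnames under which the report server is legitimately published
# (constructed). Matching is exact after normalisation, so a host such
# as "reports.example.com.attacker.test" does not pass.
ALLOWED_HOSTS = frozenset({"reports.example.com", "birt.example.com"})

# Host header grammar: "name[:port]" or "[ipv6-literal][:port]".
# A userinfo '@', a path '/', whitespace or anything else is a miss.
_HOST_RE = re.compile(
    r"^(?:\[(?P<v6>[0-9a-fA-F:.]+)\]|(?P<name>[A-Za-z0-9.-]+))(?::(?P<port>\d{1,5}))?$"
)

# Assumed log layout: nginx combined format with the Host header as the
# final quoted field (constructed for this example).
_LOG_RE = re.compile(
    r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+" \d{3} \d+ .* "(?P<host>[^"]*)"$'
)

SAMPLE_LOG = [  # constructed
    '10.0.0.5 - - [15/Mar/2023:10:00:01 +0000] "GET /reports/view?report=sample HTTP/1.1" 200 512 "-" "curl/7.88" "reports.example.com"',
    '10.0.0.9 - - [15/Mar/2023:10:00:02 +0000] "GET /reports/view?report=sample HTTP/1.1" 200 512 "-" "curl/7.88" "203.0.113.7"',
    '10.0.0.9 - - [15/Mar/2023:10:00:03 +0000] "GET /reports/run?report=x HTTP/1.1" 200 64 "-" "curl/7.88" "attacker.test"',
]


def normalize_host(header: Optional[str]) -> Optional[str]:
    """Lower-case host without port and trailing dot, or None when the
    header is missing or does not fit the grammar above."""
    if header is None:
        return None
    m = _HOST_RE.match(header.strip())
    if not m:
        return None
    host = m.group("v6") or m.group("name")
    return host.rstrip(".").lower()


def host_allowed(header: Optional[str], allowed=ALLOWED_HOSTS) -> bool:
    """True only when the Host header names one of the published hosts."""
    host = normalize_host(header)
    return host is not None and host in allowed


def suspicious_requests(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (host, path) for logged requests whose Host header is not on
    the allowlist, i.e. requests the catch-all virtual host would serve."""
    for line in lines:
        m = _LOG_RE.search(line)
        if m and not host_allowed(m.group("host")):
            yield m.group("host"), m.group("path")
```

Requests that reach the report server with a Host value outside the allowlist should be rejected at the proxy (for example with an nginx `default_server` block that returns 444) and reviewed in the access log with `suspicious_requests`.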

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-01946
CVE-2023-0100
GHSA-4GRC-Q4FJ-45P8

Affected Products

Eclipse Birt