Approved changes feed: RSS · Atom

cpe:2.3:a:altitude:altitude_communication_server:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAltitude (5e0a6e74-9942-5a28-a59b-474e9d5b94ff)
ProductAltitude Communication Server (2ea636b5-a573-563b-9a3c-4ffc2045f8d2)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-41083 vulnerable 2026-06-08 07:25:06.602344 Improper Neutralization in Altitude Communication Server
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious website. This behavior can be used to redirect clients to endpoints controlled by the attacker.
Published: 2026-01-26T09:42:42.532Z
Updated: 2026-01-26T13:49:41.248Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-41082 vulnerable 2026-06-08 07:25:06.601909 HTTP Request/Response Smuggling in Altitude Communication Server
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.
Published: 2026-01-26T09:24:20.607Z
Updated: 2026-01-26T13:55:47.853Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.