CVE-2015-7318

Опубликовано: 25 сент. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

Ссылки

http://www.openwall.com/lists/oss-security/2015/09/22/16
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1264796
Issue Tracking
Patch
Third Party Advisory
https://plone.org/security/hotfix/20150910
Patch
Vendor Advisory
https://plone.org/security/hotfix/20150910/header-injection
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/09/22/16
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1264796
Issue Tracking
Patch
Third Party Advisory
https://plone.org/security/hotfix/20150910
Patch
Vendor Advisory
https://plone.org/security/hotfix/20150910/header-injection
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00431

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2015-7318

redhat

больше 10 лет назад