CVE-2012-5486

Published: 06 Nov 2012
Source: redhat
CVSS2: 4.3

Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP response, potentially allowing the attacker to perform other more advanced attacks.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | conga | Affected | | |
| Red Hat Enterprise Linux 5 | conga | Fixed | RHSA-2014:1194 | 16.09.2014 |

Additional information

Status: Moderate
Weakness: CWE-113
https://bugzilla.redhat.com/show_bug.cgi?id=878939 (Plone): Reflexive HTTP header injection

CVSS2: 4.3 Medium

Related vulnerabilities

nvd
almost 11 years ago

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

debian
almost 11 years ago

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used ...

CVSS3: 7.5
github
about 7 years ago

HTTP header injection in Plone and Zope2

oracle-oval
almost 11 years ago

ELSA-2014-1194: conga security and bug fix update (MODERATE)
