CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html | Exploit |
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php | Exploit |
https://kallithea-scm.org/security/cve-2015-5285.html | Exploit Patch Vendor Advisory |
https://www.exploit-db.com/exploits/38424/ | Exploit |
Configurations
History
No history.
Information
Published : 2015-10-29 20:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5285
Mitre link : CVE-2015-5285
CVE.ORG link : CVE-2015-5285
JSON object : View
Products Affected
kallithea-scm
- kallithea
CWE