oss-sec mailing list archives
[SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting
From: Dave Brondsema <brondsem () apache org>
Date: Thu, 15 Mar 2018 14:52:52 -0400
CVE-2018-1319 Apache Allura HTTP response splitting Severity: Important Versions Affected: All Description: Attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session. Mitigation: Users of Allura should upgrade to Allura 1.8.1 immediately. Credit: This issue was discovered by Everardo Padilla Saca
Current thread:
- [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting Dave Brondsema (Mar 15)