oss-sec mailing list archives

Re: CVE Request: Plone header injection

From: cve-assign () mitre org
Date: Tue, 22 Sep 2015 17:00:20 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

https://plone.org/security/20150910/header-injection

Users who had access to write cookie values were able to inject headers
into the response.


Use CVE-2015-7318.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWAb4bAAoJEL54rhJi8gl5gWYQAL/UbN6AOxceuGfy+9NJZu1v
9XBnhunTbBTKVC2JkijftSg6d4hetEm/n3kKWKBJWoqrRP6GaD5CgvEqlsnktd12
jxumJeF5LcC9dmF4ke621F/Mso7SyjzrbD4HbsjbKC/QUpKIdxPhuPPN4ah1clV3
dRUG6fSNdP5+cTMMI9ZaRhfAkD7+D91Vwgd342EqjoCpBGvmkOvHLCNOQ+7Wc1ov
uE9CKC3X2MQ0MxI6hZZh1d2xUkvpD187pejYNZVWpL4LwJw0u2HbrBBqCfh3JSd0
rXP2aiUjiCgTAbnbuuiJuxXj7TnT9uHt6Qh/wv9xWTcZnwFSaWDsoQVopCVkc4RA
C3DHHdkzcdMadY3a3JJCgksDEWK4CNejW+NSN+0jaQembB/SxVlpsMgD8z08nMAe
tMvnf0CFRNHejWBZGYbtGVFz4/j+KUyesSDSj+RKcPWseAgvA3HQ9Cv6J2DrXYKk
dMhoRC7sPdb62jXWLatnqavzT3hSutIwqG1xgm/kdDI/F+xDp9rKea8ITfodnJJZ
WXx51IU7d4W9WeAG2t1N8OwxtclnnOlS2QUWmw2hL2lwRJN5WmvE17bACqsRtcUY
eaLL0HD80K/TfPxiZIYn7LpOSAyEM7AvNZoiFx4AoDPBNpE+QnjCgsUIMf02uz5L
rPBsMlFnBCNYe9n3mEGn
=XTmN
-----END PGP SIGNATURE-----

Current thread:

CVE Request: Plone header injection Nathan Van Gheem (Sep 19)
- Re: CVE Request: Plone header injection cve-assign (Sep 22)