oss-sec mailing list archives
Re: CVE Request: Plone header injection
From: cve-assign () mitre org
Date: Tue, 22 Sep 2015 17:00:20 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://plone.org/security/20150910/header-injection
Users who had access to write cookie values were able to inject headers into the response.
Use CVE-2015-7318. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWAb4bAAoJEL54rhJi8gl5gWYQAL/UbN6AOxceuGfy+9NJZu1v 9XBnhunTbBTKVC2JkijftSg6d4hetEm/n3kKWKBJWoqrRP6GaD5CgvEqlsnktd12 jxumJeF5LcC9dmF4ke621F/Mso7SyjzrbD4HbsjbKC/QUpKIdxPhuPPN4ah1clV3 dRUG6fSNdP5+cTMMI9ZaRhfAkD7+D91Vwgd342EqjoCpBGvmkOvHLCNOQ+7Wc1ov uE9CKC3X2MQ0MxI6hZZh1d2xUkvpD187pejYNZVWpL4LwJw0u2HbrBBqCfh3JSd0 rXP2aiUjiCgTAbnbuuiJuxXj7TnT9uHt6Qh/wv9xWTcZnwFSaWDsoQVopCVkc4RA C3DHHdkzcdMadY3a3JJCgksDEWK4CNejW+NSN+0jaQembB/SxVlpsMgD8z08nMAe tMvnf0CFRNHejWBZGYbtGVFz4/j+KUyesSDSj+RKcPWseAgvA3HQ9Cv6J2DrXYKk dMhoRC7sPdb62jXWLatnqavzT3hSutIwqG1xgm/kdDI/F+xDp9rKea8ITfodnJJZ WXx51IU7d4W9WeAG2t1N8OwxtclnnOlS2QUWmw2hL2lwRJN5WmvE17bACqsRtcUY eaLL0HD80K/TfPxiZIYn7LpOSAyEM7AvNZoiFx4AoDPBNpE+QnjCgsUIMf02uz5L rPBsMlFnBCNYe9n3mEGn =XTmN -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Plone header injection Nathan Van Gheem (Sep 19)
- Re: CVE Request: Plone header injection cve-assign (Sep 22)