ID CVE-2015-5285
Summary CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (http://cwe.mitre.org/data/definitions/113.html)
References
Vulnerable Configurations
  • cpe:2.3:a:kallithea-scm:kallithea:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kallithea-scm:kallithea:0.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-05-2020 - 16:58)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
confirm https://kallithea-scm.org/security/cve-2015-5285.html
exploit-db 38424
misc
Last major update 28-05-2020 - 16:58
Published 29-10-2015 - 20:59
Last modified 28-05-2020 - 16:58