Description

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.

Remediation

References

CVE-2018-11783

Related Vulnerabilities

Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-3186)

WordPress Plugin Duplicate Page Multiple Vulnerabilities (2.3)

WordPress Plugin WikiPop Cross-Site Scripting (2.0)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

Severity

High

Classification

CVE-2018-11783 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities