Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

CVE-2012-6072

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2001-0709)

WordPress Plugin WP Favorite Posts Cross-Site Scripting (1.6.5)

WordPress Plugin ActiveHelper LiveHelp Live Chat Multiple Cross-Site Scripting Vulnerabilities (4.5.0)

Oracle Database Server CVE-2016-5516 Vulnerability (CVE-2016-5516)

IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722)

Severity

Medium

Classification

CVE-2012-6072 CWE-20

Tags

Missing Update Known Vulnerabilities