Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Remediation

References

CVE-2012-5486

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2018-3149)

MySQL CVE-2016-0653 Vulnerability (CVE-2016-0653)

WordPress Cleartext Storage of Sensitive Information Vulnerability (CVE-2017-14990)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3617)

Severity

Medium

Classification

CVE-2012-5486

Tags

Missing Update Known Vulnerabilities