Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Remediation

References

CVE-2012-5486

Related Vulnerabilities

Drupal Core 7.x Multiple Vulnerabilities (7.0)

WordPress Plugin Zingiri Web Shop 'uploadfilexd.php' Arbitrary File Upload (2.4.3)

Perl Use of Externally-Controlled Format String Vulnerability (CVE-2012-1151)

MySQL CVE-2017-10155 Vulnerability (CVE-2017-10155)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Request Forgery (4.2.3)

Severity

Medium

Classification

CVE-2012-5486

Tags

Missing Update Known Vulnerabilities