Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 15 Mar 2018 14:52:52 -0400
From: Dave Brondsema <>
To:,,,, Apache Security Team <>
Subject: [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting

CVE-2018-1319 Apache Allura HTTP response splitting

Severity: Important
Versions Affected: All

Attackers may craft URLs that cause HTTP response splitting.  If a victim goes
to a maliciously crafted URL, unwanted results may occur including XSS or
service denial for the victim's browsing session.

Users of Allura should upgrade to Allura 1.8.1 immediately.

This issue was discovered by Everardo Padilla Saca

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.