Date: Thu, 15 Mar 2018 14:52:52 -0400 From: Dave Brondsema <brondsem@...che.org> To: dev@...ura.apache.org, users@...ura.apache.org, announce@...che.org, oss-security@...ts.openwall.com, Apache Security Team <security@...che.org> Subject: [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting CVE-2018-1319 Apache Allura HTTP response splitting Severity: Important Versions Affected: All Description: Attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session. Mitigation: Users of Allura should upgrade to Allura 1.8.1 immediately. Credit: This issue was discovered by Everardo Padilla Saca
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.