Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 15 Mar 2018 14:52:52 -0400
From: Dave Brondsema <brondsem@...che.org>
To: dev@...ura.apache.org, users@...ura.apache.org, announce@...che.org,
 oss-security@...ts.openwall.com, Apache Security Team <security@...che.org>
Subject: [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting

CVE-2018-1319 Apache Allura HTTP response splitting

Severity: Important
Versions Affected: All

Description:
Attackers may craft URLs that cause HTTP response splitting.  If a victim goes
to a maliciously crafted URL, unwanted results may occur including XSS or
service denial for the victim's browsing session.

Mitigation:
Users of Allura should upgrade to Allura 1.8.1 immediately.

Credit:
This issue was discovered by Everardo Padilla Saca

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.