Lucene search

K
cve[email protected]CVE-2015-5285
HistoryOct 29, 2015 - 8:59 p.m.

CVE-2015-5285

2015-10-2920:59:04
web.nvd.nist.gov
43
crlf injection
kallithea
vulnerability
http response splitting
cve-2015-5285
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Affected configurations

NVD
Node
kallithea-scmkallitheaRange0.2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%