5 matches found
CVE-2015-5285
CVE-2015-5285 affects Kallithea, a web-based source code management system. The vulnerability is a CRLF/HTTP header injection in the came_from parameter of the _admin/login page, enabling an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Documented affected version...
Kallithea 0.2.9 - came_from HTTP Response Splitting
Kallithea 0.2.9 - camefrom HTTP Response Splitting Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd,...
Kallithea 0.2.9 HTTP Response Splitting Vulnerability
Kallithea suffers from a HTTP header injection response splitting vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'camefrom' parameter in the login instance. This type of attack not only allows a malicious user to control the...
Kallithea 0.2.9 HTTP Response Splitting
Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...
Kallithea 0.2.9 - 'came_from' HTTP Response Splitting
Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...