5 matches found
Kerio Control v9.2.5 - CRLF Injection
Kerio Control, formerly known as Kerio WinRoute Firewall, has been found vulnerable to multiple HTTP Response Splitting vulnerabilities in product affecting versions 9.2.5 id: CVE-2024-52875 info: name: Kerio Control v9.2.5 - CRLF Injection author: ritikchaddha,iamnoooob,rootxharsh,pdresearch...
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
Kerio Control (GFI) versions 9.2.5–9.4.5 are affected by a CRLF/HTTP response splitting vulnerability that abuses the dest parameter in GET requests to generate a Location header in a 302 response, enabling Open Redirect and HTTP Response Splitting, which can lead to reflected XSS. The issue affe...
CVE-2024-52875
creationtimestamp| type| source ---|---|--- 2024-12-17 14:10:59+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/9452 2024-12-21 18:13:24+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/11586 2025-01-01 18:03:16+00:00| seen|...