Kallithea is vulnerable to HTTP Response Splitting. The application does not escape user-provided input from the GET 'came_from' parameter in the login instance, which allows an attacker to inject malicious HTTP headers, control the remaining headers and body of the application's response, and create additional responses entirely under their control.
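One way to validate a 'came_from'-style redirect value before it is written into a `Location` header, as an added example (it is not Kallithea's code or its actual fix). The function names and the `/` fallback are assumptions, and beyond rejecting CR/LF the check also restricts the value to a same-site path.

```python
from urllib.parse import unquote

DEFAULT_TARGET = "/"  # assumed fallback landing page (hypothetical)


def has_control_chars(value: str) -> bool:
    """True if the value holds CR, LF or any other ASCII control character."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def safe_came_from(raw: str, default: str = DEFAULT_TARGET) -> str:
    """Return a redirect target that is safe to place in a Location header.

    `raw` is the query value as the framework hands it over (already decoded
    once). It is checked again after one more decode so that a value which
    still carries an encoded CR/LF is rejected as well.
    """
    if not raw:
        return default
    for candidate in (raw, unquote(raw)):
        # CR/LF would end the header line and start attacker-chosen headers.
        if has_control_chars(candidate):
            return default
        # Same-site paths only: one leading slash, no "//host" or "/\host".
        if not candidate.startswith("/") or candidate.startswith("//"):
            return default
        if "\\" in candidate:
            return default
    return raw


def location_header(raw_came_from: str) -> tuple[str, str]:
    """Build the redirect header from a validated value (hypothetical helper)."""
    return ("Location", safe_came_from(raw_came_from))


# Constructed sample values, not taken from the advisory.
CONSTRUCTED_SAMPLES = [
    "/repo/summary",
    "/\r\nX-Injected: 1",
    "/%0d%0aX-Injected:%201",
    "//other.example/",
]

if __name__ == "__main__":
    for sample in CONSTRUCTED_SAMPLES:
        print(repr(sample), "->", location_header(sample))
```
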
CPE | Name | Operator | Version |
---|---|---|---|
 | kallithea | le | 0.2.99-pre |
packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html
www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php
kallithea-scm.org/news/release-0.3.html
kallithea-scm.org/repos/kallithea/changeset/38d1c99cd0005c1df5a37692615356c918dbe068
kallithea-scm.org/security/20151001-cve-2015-5285.html
kallithea-scm.org/security/cve-2015-5285.html
www.exploit-db.com/exploits/38424
www.exploit-db.com/exploits/38424/