www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Brondsema <brond...@apache.org>
Subject [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting
Date Thu, 15 Mar 2018 18:52:52 GMT
CVE-2018-1319 Apache Allura HTTP response splitting

Severity: Important
Versions Affected: All

Description:
Attackers may craft URLs that cause HTTP response splitting.  If a victim goes
to a maliciously crafted URL, unwanted results may occur including XSS or
service denial for the victim's browsing session.

Mitigation:
Users of Allura should upgrade to Allura 1.8.1 immediately.

Credit:
This issue was discovered by Everardo Padilla Saca

Mime
View raw message