CVE-2015-5285

High

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…

redhat·NVD-CWE-Other·Published 2015-10-29

CVSS

9.8

EPSS

0.06

KEV

Exploits

cve.orgen

198 chars

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

NVDen

198 chars

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

GHSAen

202 chars

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the `came_from` parameter to `_admin/login`.

NVDes

239 chars

Vulnerabilidad de inyección CRLF en Kallithea en versiones anteriores a 0.3 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de separación de respuesta HTTP a través del parámetro came_from a _admin/login.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0	Secondary	GHSA	8.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P