Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Improper Input Validation Vulnerability (CVE-2012-6072)

Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

Related Vulnerabilities

Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0696)

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)

WordPress Plugin Fileviewer Cross-Site Request Forgery (2.2)

WordPress Plugin DMCA WaterMarker Cross-Site Scripting (1.0)

WordPress Plugin Booked-Appointment Booking for WordPress Security Bypass (2.2.5)

Severity

Medium

Classification

CVE-2012-6072 CWE-20

Tags

Missing Update Known Vulnerabilities