Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

CVE-2012-6072

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3365)

Internet Information Services Other Vulnerability (CVE-1999-0278)

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2012-1170)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7936)

WordPress Plugin Uji Countdown Cross-Site Scripting (2.2)

Severity

Medium

Classification

CVE-2012-6072 CWE-20

Tags

Missing Update Known Vulnerabilities