Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Remediation

References

CVE-2012-5486

Related Vulnerabilities

WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.4.0)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Unspecified Vulnerability (4.3.4)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3055)

SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7857)

Severity

Medium

Classification

CVE-2012-5486

Tags

Missing Update Known Vulnerabilities