Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Remediation

References

CVE-2012-5486

Related Vulnerabilities

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5)

Liferay DXP CVE-2021-33330 Vulnerability (CVE-2021-33330)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)

WordPress Plugin Testimonial WordPress-AP Custom Testimonial Unspecified Vulnerability (1.4.7)

Severity

Medium

Classification

CVE-2012-5486

Tags

Missing Update Known Vulnerabilities