You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Dave Brondsema <br...@apache.org> on 2018/03/15 18:52:52 UTC
[SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting
CVE-2018-1319 Apache Allura HTTP response splitting
Severity: Important
Versions Affected: All
Description:
Attackers may craft URLs that cause HTTP response splitting. If a victim goes
to a maliciously crafted URL, unwanted results may occur including XSS or
service denial for the victim's browsing session.
Mitigation:
Users of Allura should upgrade to Allura 1.8.1 immediately.
Credit:
This issue was discovered by Everardo Padilla Saca