CVE-2015-5285

Published: 29/10/2015 Updated: 28/05/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

CRLF injection vulnerability in Kallithea prior to 0.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Vulnerable Products

kallithea-scm kallithea

Exploits

Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability. Vendor: Kallithea. Product web page: www.kallithea-scm.org. Versions affected: 0.2.9 and 0.2.2. Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that supports two leading version control systems, M ...
Kallithea suffers from an HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a malicious user to control the remaining headers and body of the response the applica ...