Kallithea up to 0.2 admin/login came_from privilege escalation

A vulnerability classified as critical was found in Kallithea up to 0.2. Affected by this vulnerability is an unknown function of the file admin/login. Upgrading to version 0.3 eliminates this vulnerability.

Entry history. The page records three snapshots of this entry (30/10/2015 09:17, 27/02/2018 02:58 and 25/06/2022 13:10). Every field carries the same value in each snapshot in which it appears, so the values are listed once; the "Entries" column gives how many of the three snapshot values the page shows for that field (the page does not say which snapshot a field with fewer than three entries belongs to).

Field                  Value                                                            Entries
name                   Kallithea                                                        3
version                <=0.2                                                            3
file                   admin/login                                                      3
argument               came_from                                                        3
risk                   2                                                                3
cvss2_vuldb_basescore  6.8                                                              3
cvss2_vuldb_tempscore  5.3                                                              3
cvss2_vuldb_av         N                                                                3
cvss2_vuldb_ac         M                                                                3
cvss2_vuldb_au         N                                                                3
cvss2_vuldb_ci         P                                                                3
cvss2_vuldb_ii         P                                                                3
cvss2_vuldb_ai         P                                                                3
cvss2_nvd_av           N                                                                3
cvss2_nvd_ac           L                                                                3
cvss2_nvd_au           N                                                                3
cvss2_nvd_ci           N                                                                3
cvss2_nvd_ii           P                                                                3
cvss2_nvd_ai           N                                                                3
cvss3_meta_basescore   7.3                                                              3
cvss3_meta_tempscore   6.6                                                              3
cvss3_vuldb_basescore  7.3                                                              3
cvss3_vuldb_tempscore  6.6                                                              3
date                   1446076800 (29/10/2015)                                          3
url                    https://kallithea-scm.org/security/cve-2015-5285.html           3
price_0day             $0-$5k                                                           3
name                   Upgrade                                                          3
upgrade_version        0.3                                                              3
cve                    CVE-2015-5285                                                    3
cve_nvd_published      1446076800                                                       3
cve_nvd_summary        CRLF injection vulnerability in Kallithea before 0.3 allows      3
                       remote attackers to inject arbitrary HTTP headers and conduct
                       HTTP response splitting attacks via the came_from parameter
                       to _admin/login.
cvss3_vuldb_ui         N                                                                3
location               Website                                                          3
cvss2_vuldb_e          POC                                                              3
cvss2_vuldb_rl         OF                                                               3
cvss2_vuldb_rc         ND                                                               3
cvss3_vuldb_e          P                                                                3
cvss3_vuldb_rl         O                                                                3
cvss3_vuldb_rc         X                                                                3
cvss3_vuldb_av         N                                                                3
cvss3_vuldb_ac         L                                                                3
cvss3_vuldb_pr         N                                                                3
cvss3_vuldb_s          U                                                                3
cvss3_vuldb_c          L                                                                3
cvss3_vuldb_i          L                                                                3
cvss3_vuldb_a          L                                                                3
cwe                    113 (privilege escalation)                                       2
confirm_url            https://kallithea-scm.org/security/cve-2015-5285.html           2
availability           1                                                                2
publicity              1                                                                2
url                    https://www.exploit-db.com/exploits/38424/                       2
cve_assigned           1435708800 (01/07/2015)                                          2
exploitdb              38424                                                            2
openvas_id             800891                                                           2
openvas_filename       gb_kallithea_http_response_splitting_vuln.nasl                   2
openvas_title          Kallithea came_from parameter HTTP Response Splitting            2
                       Vulnerability
openvas_family         Web application abuses                                           2
identifier             133897                                                           1
cvss2_nvd_basescore    5.0                                                              1
