Reflexive HTTP header injection
A crafted URL can contain arbitrary HTTP headers that are then returned to the user in the response. This can be used, for example, to log users out.
Versions affected
- 4.2.2
- 4.2.1
- 4.2
- 4.1.6
- 4.1.5
- 4.1.4
- 4.1.3
- 4.1.2
- 4.1.1
- 4.1
- 4.0.10
- 4.0.9
- 4.0.8
- 4.0.7
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0
- 3.3.6
- 3.3.5
- 3.3.4
- 3.3.3
- 3.3.2
Vulnerability
This allows an attacker to set fake status messages and to cause users to be logged out.
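The following is an added example, not Plone's own code, illustrating the mechanism behind this class of issue and the check that closes it. A header value taken from the URL and echoed unchecked into the response lets an embedded line break start a new header line; validating the value before it is placed in a header refuses such requests. The `status_message` parameter and the `X-Status-Message` header are hypothetical stand-ins, and the sample requests are constructed.

```python
import re
from typing import Dict, Optional

# Added example, not Plone's own code. The header name and URL parameter are
# hypothetical stand-ins for whichever request value an application echoes back.

# CR, LF or NUL inside a header value terminates the header line, so whatever
# follows is parsed by the client as further headers.
_LINE_BREAK = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a header value would break out of its header line."""


def validate_header_value(value: str) -> str:
    """Return ``value`` unchanged if it is safe to place in a header, else raise."""
    if _LINE_BREAK.search(value):
        raise HeaderInjectionError("header value contains CR, LF or NUL")
    return value


def naive_headers(params: Dict[str, str]) -> Dict[str, str]:
    """Vulnerable pattern: echo a URL parameter into a response header unchecked."""
    headers = {"Content-Type": "text/html"}
    if "status_message" in params:
        headers["X-Status-Message"] = params["status_message"]  # hypothetical header
    return headers


def hardened_headers(params: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Same behaviour, but refuse the response (None) if the value carries a line break."""
    headers = {"Content-Type": "text/html"}
    if "status_message" in params:
        try:
            headers["X-Status-Message"] = validate_header_value(params["status_message"])
        except HeaderInjectionError:
            return None
    return headers


def serialize(headers: Dict[str, str]) -> bytes:
    """Render headers on the wire the way an HTTP server would."""
    return "".join(f"{k}: {v}\r\n" for k, v in headers.items()).encode("latin-1")


def header_line_count(wire: bytes) -> int:
    """How many header lines a client would see; more than expected means injection."""
    return wire.count(b"\r\n")


# Constructed sample requests.
BENIGN = {"status_message": "Changes saved"}
CRAFTED = {"status_message": "Changes saved\r\nX-Injected: 1"}

if __name__ == "__main__":
    print(header_line_count(serialize(naive_headers(BENIGN))))   # 2
    print(header_line_count(serialize(naive_headers(CRAFTED))))  # 3: an extra header appeared
    print(hardened_headers(CRAFTED))                             # None: request refused
```

In a real application the `None` result would become a 400 response rather than a silent drop, and the same validation belongs on every value that reaches a response header, including cookie values, since a log-out can be forced by injecting a header that clears the session cookie.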
Current status
Credits
Discovered by
- WhiteHat security
Fixed by
- Plone Security Team
Coordinated by
- Plone Security Team