Reflexive HTTP header injection

A crafted URL can contain arbitrary HTTP headers that are then returned to the user. This can be used, for example, to log users out.

Versions affected

  • 4.2.2
  • 4.2.1
  • 4.2
  • 4.1.6
  • 4.1.5
  • 4.1.4
  • 4.1.3
  • 4.1.2
  • 4.1.1
  • 4.1
  • 4.0.10
  • 4.0.9
  • 4.0.8
  • 4.0.7
  • 4.0.5
  • 4.0.4
  • 4.0.3
  • 4.0.2
  • 4.0.1
  • 4.0
  • 3.3.6
  • 3.3.5
  • 3.3.4
  • 3.3.3
  • 3.3.2

Vulnerability

This allows fake status messages to be set and users to be logged out.
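As an added example that is not part of this advisory or of Plone's own code, the Python below shows the check that stops a request-supplied value from becoming extra response headers, together with a scan for the encoded CR/LF sequences a crafted URL would carry in server logs. All function names and the sample log lines are constructed for illustration.

```python
# Added example (not Plone's code): defensive header-value check and a
# log scan for encoded CR/LF in request URLs. All names are assumptions.
from urllib.parse import urlsplit, parse_qsl, unquote

# A header value may never contain CR, LF or NUL; a CR/LF is exactly what
# lets one request parameter turn into several response headers.
_FORBIDDEN = ("\r", "\n", "\x00")


def safe_header_value(value: str) -> str:
    """Return value if it is a single well-formed header line, else raise."""
    if any(ch in value for ch in _FORBIDDEN):
        raise ValueError("control character in header value")
    return value


def build_redirect_headers(target: str) -> list:
    """Build a Location header from a request-supplied target, safely."""
    return [("Location", safe_header_value(target))]


def has_encoded_crlf(url: str) -> bool:
    """True if the path or any query value decodes to contain CR or LF."""
    parts = urlsplit(url)
    # parse_qsl already decodes once; decode again to catch double-encoding.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)
        if "\r" in decoded or "\n" in decoded:
            return True
    path = unquote(unquote(parts.path))
    return "\r" in path or "\n" in path


def scan_log_lines(lines):
    """Return combined-format log lines whose request target carries encoded CR/LF."""
    hits = []
    for line in lines:
        try:
            request_target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue  # not a combined-format line; skip it
        if has_encoded_crlf(request_target):
            hits.append(line)
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:12:00:00 +0000] "GET /news?came_from=/front-page HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "GET /news?came_from=/x%0d%0aSet-Cookie:+session=deleted HTTP/1.1" 302 0',
]
```

Web servers log the request target as received, so the percent-encoded form is what `scan_log_lines` sees; a redirect handler that passes its target through `safe_header_value` turns the same input into a rejected request instead of an injected header.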

Current status

Credits

Discovered by

  • WhiteHat Security

Fixed by

  • Plone Security Team

Coordinated by

  • Plone Security Team