Reflexive HTTP header injection

A crafted URL can contain arbitrary HTTP headers that are then returned to the user. Can be used to log users out, for example.

Versions affected

4.2.2
4.2.1
4.2
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1
4.0.10
4.0.9
4.0.8
4.0.7
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2

Vulnerability

This allows setting of fake status messages and causing users to become logged out.

Current status

Credits

Discovered by

WhiteHat security

Fixed by

Plone Security Team

Coordinated by

Plone Security Team

You can contact the security team confidentially by email at security@plone.org

More information

CVE Identifier

CVE-2012-5486

Type

Severity

5.8 – medium
Vector	Network
Complexity	Medium
Authentication	None
Confidentiality	None
Integrity	Partial
Availability	Partial

Timeline

Vulnerability reported:
Hotfix released: