Launchpad CVE tracker

CVE 2012-5486

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Related bugs and status

CVE-2012-5486 (Candidate) is related to these bugs:

Bug #930812: ZPublisher.HTTPRequest._scrubHeader allows linefeed injection

Summary				In	Importance	Status
	930812	ZPublisher.HTTPRequest._scrubHeader allows linefeed injection		Zope 2	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://rhn.redhat.com/...
MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...
MISC: https://plone.org/prod...
MISC: https://plone.org/prod...

Launchpad.net

CVE 2012-5486

Related bugs and status

Related bugs

References