Sabine Degen

Researcher from Silverstripe
#21084 of 53,635
11.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2020-10137
5.9
2020-07-15
Silverstripe · Silverstripe Cms · CVE-2019-19326
**Name of the Vulnerable Software and Affected Versions**
Silverstripe CMS versions prior to 4.5
Silverstripe versions prior to 4.5

**Description**
The issue allows for web cache poisoning through the modification of the `X-Original-Url` and `X-HTTP-Method-Override` headers. This can lead to responses with malicious HTTP headers being returned to other consumers of the cached response.

**Recommendations**
For Silverstripe CMS versions prior to 4.5, consider disabling HTTP Cache Headers on responses served by the framework's HTTP layer as a temporary workaround until a patch is available. Restrict access to the HTTPRequestBuilder to minimize the risk of exploitation.
PT-2018-18575
5.9
2018-11-14
Microsoft · Lync · CVE-2018-8546
**Name of the Vulnerable Software and Affected Versions**
Skype for Business (affected versions not specified)
Office 365 ProPlus (affected versions not specified)
Microsoft Office (affected versions not specified)
Microsoft Lync (affected versions not specified)

**Description**
A denial of service issue exists. This issue affects various Microsoft products.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.