PT-2017-7191 · Plone · Plone

Adam Mariš

·

Published

2017-09-25

·

Updated

2022-05-17

·

CVE-2015-7318

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Plone versions 3.3.0 through 3.3.6
Description The issue allows remote attackers to inject headers into HTTP responses.
Recommendations For Plone versions 3.3.0 through 3.3.6, update to a version that contains a fix for this issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-7318
GHSA-FQ9R-8JPM-2222
PYSEC-2017-54

Affected Products

Plone