CVE-2015-5285
Published 2015-10-29
CVE-2015-5285: CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via…
Priority: P3 (35), medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
EXPLOIT
EPSS: 6.04% (92.5th percentile)
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kallithea-scm | kallithea | <= 0.2 | — |
| kallithea-scm | kallithea | >= 0 < 0.3 | 0.3 |
OSV
Kallithea CRLF injection vulnerability
osv·2022-05-13
CVE-2015-5285 [HIGH] Kallithea CRLF injection vulnerability
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the `came_from` parameter to `_admin/login`.
GHSA
Kallithea CRLF injection vulnerability
ghsa·2022-05-13
CVE-2015-5285 [HIGH] CWE-93 Kallithea CRLF injection vulnerability
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the `came_from` parameter to `_admin/login`.
OSV
CVE-2015-5285: CRLF injection vulnerability in Kallithea before 0
osv·2015-10-29
CVE-2015-5285 CVE-2015-5285: CRLF injection vulnerability in Kallithea before 0
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php
https://kallithea-scm.org/security/cve-2015-5285.html
https://www.exploit-db.com/exploits/38424/
2015-10-29
Published