CVE-2018-1319

CWE-743 documents3 sources

Severity

6.1MEDIUM

EPSS

0.8%

top 26.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Allura Apache Software Foundation Apache Allura

Timeline

PublishedMar 15

Latest updateMay 13

Description

In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDapache/allura1.8.0

▶CVEListV5apache_software_foundation/apache_alluraprior to 1.8.1

🔴Vulnerability Details

GHSA

GHSA-fcg7-7g94-695r: In Apache Allura prior to 1↗2022-05-13

▶

CVEList

CVE-2018-1319: In Apache Allura prior to 1↗2018-03-15

▶