CVE-2018-11347
HIGH
8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0035
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Access Control
Potential Impacts:
Modify Application Data
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
Web Based, Web Server
Operating System
Yunohost by Yunohost
Version Range Affected
From
2.7.2
(inclusive)
To
2.7.14
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:yunohost:yunohost:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulner…
https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulner…