UNKNOWN Maven
Jenkins allows HTTP Injection and Response Splitting
GHSA-2q8v-qx2x-hxjx · CVE-2012-6072
Published · Modified
Description
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-6072
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=890607
- PACKAGE https://github.com/jenkinsci/jenkins
- WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- WEB http://rhn.redhat.com/errata/RHSA-2013-0220.html
- WEB http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb