Vulnerability Details CVE-2018-1319
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/103434
- https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da%40%3Cdev.allura.apache.org%3E
- http://www.securityfocus.com/bid/103434
- https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da%40%3Cdev.allura.apache.org%3E
Products affected by CVE-2018-1319
-
cpe:2.3:a:apache:allura:1.0.0
-
cpe:2.3:a:apache:allura:1.0.1
-
cpe:2.3:a:apache:allura:1.1.0
-
cpe:2.3:a:apache:allura:1.2.0
-
cpe:2.3:a:apache:allura:1.2.1
-
cpe:2.3:a:apache:allura:1.3.0
-
cpe:2.3:a:apache:allura:1.3.1
-
cpe:2.3:a:apache:allura:1.3.2
-
cpe:2.3:a:apache:allura:1.4.0
-
cpe:2.3:a:apache:allura:1.5.0
-
cpe:2.3:a:apache:allura:1.6.0
-
cpe:2.3:a:apache:allura:1.7.0
-
cpe:2.3:a:apache:allura:1.8.0