Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20150922210020.314136C0014@smtpvmsrv1.mitre.org>
Date: Tue, 22 Sep 2015 17:00:20 -0400 (EDT)
From: cve-assign@...re.org
To: nathan.van.gheem@...ne.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Plone header injection

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://plone.org/security/20150910/header-injection

> Users who had access to write cookie values were able to inject headers
> into the response.

Use CVE-2015-7318.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWAb4bAAoJEL54rhJi8gl5gWYQAL/UbN6AOxceuGfy+9NJZu1v
9XBnhunTbBTKVC2JkijftSg6d4hetEm/n3kKWKBJWoqrRP6GaD5CgvEqlsnktd12
jxumJeF5LcC9dmF4ke621F/Mso7SyjzrbD4HbsjbKC/QUpKIdxPhuPPN4ah1clV3
dRUG6fSNdP5+cTMMI9ZaRhfAkD7+D91Vwgd342EqjoCpBGvmkOvHLCNOQ+7Wc1ov
uE9CKC3X2MQ0MxI6hZZh1d2xUkvpD187pejYNZVWpL4LwJw0u2HbrBBqCfh3JSd0
rXP2aiUjiCgTAbnbuuiJuxXj7TnT9uHt6Qh/wv9xWTcZnwFSaWDsoQVopCVkc4RA
C3DHHdkzcdMadY3a3JJCgksDEWK4CNejW+NSN+0jaQembB/SxVlpsMgD8z08nMAe
tMvnf0CFRNHejWBZGYbtGVFz4/j+KUyesSDSj+RKcPWseAgvA3HQ9Cv6J2DrXYKk
dMhoRC7sPdb62jXWLatnqavzT3hSutIwqG1xgm/kdDI/F+xDp9rKea8ITfodnJJZ
WXx51IU7d4W9WeAG2t1N8OwxtclnnOlS2QUWmw2hL2lwRJN5WmvE17bACqsRtcUY
eaLL0HD80K/TfPxiZIYn7LpOSAyEM7AvNZoiFx4AoDPBNpE+QnjCgsUIMf02uz5L
rPBsMlFnBCNYe9n3mEGn
=XTmN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.