HTTP Response Splitting Vulnerability in Apache Allura
CVE-2018-1319

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Allura
Vendor: CVE Published:; 15 March 2018

What is CVE-2018-1319?

In Apache Allura versions prior to 1.8.1, a vulnerability exists that allows attackers to create maliciously crafted URLs. When a user navigates to such URLs, it can lead to HTTP response splitting. This technique may result in various harmful outcomes, including cross-site scripting (XSS) attacks or even denial of service for the affected user's browsing session. Users and administrators are advised to securely configure the application and update to the latest version to mitigate such risks.

Affected Version(s)

Apache Allura prior to 1.8.1

References

https://lists.apache.org/thread.html/22b74bc4002091157ec2...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/103434

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2018
Vulnerability Reserved
Dec 7, 2017