CVE-2015-5285 Information

Description

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Reference

http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php https://kallithea-scm.org/security/cve-2015-5285.html https://www.exploit-db.com/exploits/38424/