CVE-2018-11347
Last modified
CVE-2018-11347 is a vulnerability of currently unknown severity. The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yunohost | Yunohost | >= 2.7.2, <= 2.7.14 |
References
- https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/Exploit, Third Party Advisory
- https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11347?
How severe is CVE-2018-11347?
How do I fix CVE-2018-11347?
Are you affected by CVE-2018-11347?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST