Vulnerabilities > CVE-2015-5285 - Unspecified vulnerability in Kallithea-Scm Kallithea 0.1/0.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. <a href="http://cwe.mitre.org/data/definitions/113.html">CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability. Webapps exploits for multiple platform |
| file | exploits/multiple/webapps/38424.txt |
| id | EDB-ID:38424 |
| last seen | 2016-02-04 |
| modified | 2015-10-08 |
| platform | multiple |
| port | |
| published | 2015-10-08 |
| reporter | LiquidWorm |
| source | https://www.exploit-db.com/download/38424/ |
| title | Kallithea 0.2.9 came_from HTTP Response Splitting Vulnerability |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/133897/ZSL-2015-5267.txt |
| id | PACKETSTORM:133897 |
| last seen | 2016-12-05 |
| published | 2015-10-08 |
| reporter | LiquidWorm |
| source | https://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html |
| title | Kallithea 0.2.9 HTTP Response Splitting |