CVE-2015-5285

Published: Oct 29, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Affected (1)

Products: Kallithea Scm: Kallithea

Kallithea Scm

1 product

Kallithea

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kallithea Scm Kallithea	Up to 0.2

References (8)

http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html

Source: secalert@redhat.com

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php

Source: secalert@redhat.com

Exploit

https://kallithea-scm.org/security/cve-2015-5285.html

Source: secalert@redhat.com

ExploitPatchVendor Advisory

https://www.exploit-db.com/exploits/38424/

Source: secalert@redhat.com

Exploit

http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://kallithea-scm.org/security/cve-2015-5285.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://www.exploit-db.com/exploits/38424/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.