
CVE-2015-7318: Plone Header Injection

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.40734%
Published: 5/17/2022
Updated: 10/18/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name: Plone
Ecosystem: pip
Vulnerable Versions: >= 3.3, < 4.0a1
First Patched Version: 4.0a1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided vulnerability information describes a header injection issue in Plone due to improper input validation when handling cookie values. However, none of the sources (CVE, GHSA, NVD, Plone security advisories, or Red Hat Bugzilla) include concrete code examples, commit diffs, or patch details that explicitly identify specific vulnerable functions. While the vulnerability likely exists in cookie processing and HTTP response header construction logic, the absence of technical implementation details in available public documentation makes it impossible to pinpoint exact function names/file paths with high confidence. This analysis is limited to the information provided, which focuses on vulnerability descriptions rather than code-level specifics.


WAF Protection Rules

WAF Rule

Plone *.*.* through *.*.* allows remote attackers to inject headers into HTTP responses.
