CVE-2012-5486

Publication date

2014-09-30 14:00:00

Family

redhat

State

PUBLISHED

Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.