Debian Security Update DSA-3890 spip - security update

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,727
Reaction score
94
Credits
-1,257
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

Continue reading...
 


Follow Linux.org


Latest posts

Top