High severity · NVD Advisory · Published Oct 29, 2015 · Updated May 6, 2026
CVE-2015-5285
Description
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kallithea (PyPI) | < 0.3 | 0.3 |
References
- packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html (nvd: Exploit, WEB)
- www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php (nvd: Exploit, WEB)
- kallithea-scm.org/security/cve-2015-5285.html (nvd: Exploit, Patch, Vendor Advisory, WEB)
- www.exploit-db.com/exploits/38424/ (nvd: Exploit)
- github.com/advisories/GHSA-vfg9-phjp-9frw (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-5285 (ghsa: ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/kallithea/PYSEC-2015-13.yaml (ghsa: WEB)
- www.exploit-db.com/exploits/38424 (ghsa: WEB)