High severity7.5NVD Advisory· Published Sep 25, 2017· Updated May 13, 2026
CVE-2015-7318
CVE-2015-7318
Description
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PlonePyPI | >= 3.3, < 4.0a1 | 4.0a1 |
Affected products
7cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- plone.org/security/hotfix/20150910nvdPatchVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2015/09/22/16nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-fq9r-8jpm-2222ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-7318ghsaADVISORY
- plone.org/security/hotfix/20150910/header-injectionnvdVendor AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-54.yamlghsaWEB
News mentions
0No linked articles in our index yet.