
WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

Medium

Synopsis

The remote WordPress server is vulnerable to an HTTP response splitting attack.

Description

Versions of WordPress prior to 1.2.1 are vulnerable to an HTTP response splitting attack in which an attacker inserts CRLF characters into a URL and then entices an unsuspecting user into accessing it. The client will parse and possibly act on the secondary header that was supplied by the attacker.
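The mechanism described above, shown as an added example (this is not WordPress code and not part of the original advisory): a redirect builder that copies a decoded request value into a `Location` header, next to a hardened form that rejects CR/LF. The function names and the sample value are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample: a URL-encoded value carrying CRLF and a marker header.
SAMPLE_VALUE = "/index.php%0d%0aX-Injected:%20yes"


def build_redirect_unsafe(target: str) -> bytes:
    """Copies the value into the header block without any validation."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Refuses any value that could terminate the header line early."""
    if any(ch in target for ch in "\r\n\0"):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(target)


def header_names(response: bytes) -> list[str]:
    """Header field names as a client would parse them from the response."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    decoded = unquote(SAMPLE_VALUE)  # the server decodes %0d%0a to CR LF
    print("unsafe:", header_names(build_redirect_unsafe(decoded)))
    try:
        build_redirect_safe(decoded)
    except ValueError as exc:
        print("safe:  rejected,", exc)
```

The unsafe builder emits three header fields where the application intended two; the extra one is what the client "will parse and possibly act on".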

Solution

Upgrade to version 1.2.1 or higher.