WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting
Medium Nessus Network Monitor Plugin ID 2356
Synopsis: The remote WordPress server is vulnerable to an HTTP 'splitting' attack.
Description: Versions of WordPress prior to 1.2.1 are vulnerable to an HTTP-splitting attack in which an attacker can insert CRLF characters into a URL and then entice an unsuspecting user into accessing that URL. The client will parse and possibly act on the secondary header that was supplied by the attacker.
Solution: Upgrade to version 1.2.1 or higher.