Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting



The remote WordPress server is vulnerable to a HTTP 'splitting' attack.


Versions of WordPress prior to 1.2.1 are vulnerable to an HTTP-splitting attack where an attacker can insert CRLF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header that was supplied by the attacker.


Upgrade to version 1.2.1 or higher.