
WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

Medium

Synopsis

The remote WordPress server is vulnerable to an HTTP response splitting attack.

Description

Versions of WordPress prior to 1.2.1 are vulnerable to an HTTP response splitting attack in 'wp-login.php'. An attacker can insert CRLF characters into a URL and then entice an unsuspecting user into accessing that URL. The client will parse, and possibly act on, the secondary header supplied by the attacker.
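As an added illustration (not part of the original advisory, and not the scanner's own detection logic), the following sketch flags access-log requests to wp-login.php whose query string decodes to CR or LF, including double-encoded forms. The log lines and the parameter name `param` are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not from a real server); "param" is a
# hypothetical query parameter name, the advisory does not name one.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php?param=home HTTP/1.1" 200 1523',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-login.php?param=a%0d%0aX-Test:%201 HTTP/1.1" 200 1523',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/wp-login.php?param=a%250D%250AX-Test:%201 HTTP/1.1" 200 1523',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?param=a%0d%0ab HTTP/1.1" 200 980',
]

# Pulls the request target out of a common/combined log format request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings (%250d -> %0d -> CR) surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_crlf(value):
    """True if the value contains CR or LF after decoding; a bare LF counts too."""
    decoded = decode_fully(value)
    return "\r" in decoded or "\n" in decoded


def flag_splitting_attempts(lines, script="/wp-login.php"):
    """Return request targets for `script` whose query string carries CR/LF."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        target = match.group(1)
        path, _, query = target.partition("?")
        if path.endswith(script) and has_crlf(query):
            hits.append(target)
    return hits


if __name__ == "__main__":
    for hit in flag_splitting_attempts(SAMPLE_LOG):
        print("possible response-splitting attempt:", hit)
```

A hit shows that a request carried CR/LF, not that the server reflected it into a response header; whether it did depends on the installed WordPress version.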

Solution

Upgrade to version 1.2.1 or higher.