CVE-2015-5285

Kallithea <0.3 - HTTP Response Splitting

Title source: llm

Description

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · multiple
https://www.exploit-db.com/exploits/38424

Scores

EPSS 0.0531
EPSS Percentile 90.1%

Details

Status published
Products (2)
kallithea-scm/kallithea < 0.2
pypi/kallithea 0 - 0.3 (PyPI)
Published Oct 29, 2015
Tracked Since Feb 18, 2026