https://bugzilla.redhat.com/show_bug.cgi?id=1311947
Bug ID: 1311947 Summary: CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: abhgupta@redhat.com, bleanhar@redhat.com, ccoleman@redhat.com, dmcphers@redhat.com, java-sig-commits@lists.fedoraproject.org, jialiu@redhat.com, jkeck@redhat.com, joelsmith@redhat.com, jokerman@redhat.com, kseifried@redhat.com, lmeyer@redhat.com, mizdebsk@redhat.com, mmccomas@redhat.com, msrb@redhat.com, tiwillia@redhat.com
The following flaw was found in Jenkins:
An HTTP response splitting vulnerability in the CLI command documentation allowed attackers to craft Jenkins URLs that serve malicious content.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-...