Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SilverStripe 环境问题漏洞
Vulnerability Description
SilverStripe是新西兰SilverStripe公司的一套开源的编程框架和内容管理系统 (CMS)。该系统具有支持多国语言、跨平台等特点。 Silverstripe 4.4.4及之前版本中存在安全漏洞。攻击者可通过修改X-Original-Url和X-HTTP-Method-Override标头利用该漏洞将意外响应返回给此缓存响应的其他使用者。
CVSS Information
N/A
Vulnerability Type
N/A