Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CodeIgniter validation of header name and value
Vulnerability Description
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
解释冲突
Vulnerability Title
CodeIgniter 安全漏洞
Vulnerability Description
CodeIgniter是Codeigniter开源的一个轻量级、快速、灵活和安全的 PHP 全栈 Web 框架。 CodeIgniter 4.5.8之前版本存在安全漏洞,该漏洞源于对HTTP头部名称和值的验证不当,可能导致应用错误或无效请求,严重时引发拒绝服务(DoS)。
CVSS Information
N/A
Vulnerability Type
N/A