[ckan-dev] CKAN vulnerable to HTTP response splitting

Eli Agbayani eagbayani at eol.org
Thu Sep 19 08:31:56 UTC 2019


Hi Everybody,
Our CKAN portal is now using CKAN 2.5.9. We started from 2.5.2.
I was told that a scanning tool (called Qualys) reported that our CKAN
portal is vulnerable to
HTTP response splitting
<https://en.wikipedia.org/wiki/HTTP_response_splitting>. We are now on
deadline to fix this vulnerability or else face being shut down.
IS THERE NOTHING IN CKAN CONFIG OR SETTINGS THAT CAN HELP ELIMINATE THIS
VULNERABILITY?

HTTP response splitting is a common means of attack and many applications
have native means to handle it.
I hope CKAN has a way to protect itself from this type of attack.
ANY INPUT WILL BE APPRECIATED.

Thanks,
Eli Agbayani
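
One generic way to keep CR/LF out of response headers in a Python WSGI application such as CKAN, shown as an added example that is not part of the original message and is not CKAN code. `HeaderGuard`, `UnsafeHeader`, `redirect_app` and `run` are hypothetical names, the request is constructed, and the message does not say which request the scanner flagged.

```python
import re
from urllib.parse import parse_qs

_CTL = re.compile(r"[\r\n\x00]")  # characters that can end or split a header line

class UnsafeHeader(Exception):
    pass

class HeaderGuard:
    """WSGI middleware: refuse to emit a status or header containing CR, LF or NUL."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def guarded(status, headers, exc_info=None):
            for text in [status] + [part for pair in headers for part in pair]:
                if _CTL.search(text):
                    raise UnsafeHeader(repr(text))
            return start_response(status, headers, exc_info)
        try:
            return self.app(environ, guarded)
        except UnsafeHeader:
            # Fail closed: nothing was sent yet, so answer with a fixed error
            # instead of trying to "clean" the request-influenced value.
            body = b"Bad request"
            start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                               ("Content-Length", str(len(body)))])
            return [body]

def redirect_app(environ, start_response):
    # Constructed handler that copies a request parameter into a header unchecked.
    target = parse_qs(environ.get("QUERY_STRING", "")).get("next", ["/"])[0]
    start_response("302 Found", [("Location", target)])
    return [b""]

def run(app, query):
    """Call a WSGI app once; return (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"REQUEST_METHOD": "GET", "QUERY_STRING": query}, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    crafted = "next=/dataset%0d%0aX-Injected:%201"   # constructed test input
    print(run(redirect_app, crafted))                # Location value carries CR LF
    print(run(HeaderGuard(redirect_app), crafted))   # 400 Bad Request
    print(run(HeaderGuard(redirect_app), "next=/dataset"))  # 302, unchanged
```

The guard only covers handlers that call `start_response` before returning; one that calls it lazily from a generator would need the same check around iteration of the response body.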