[ckan-dev] CKAN vulnerable to HTTP response splitting
eagbayani at eol.org
Thu Sep 19 08:31:56 UTC 2019
Our CKAN portal is now using CKAN 2.5.9. We started from 2.5.2.
I was told that a scanning tool (called Qualys) reported that our CKAN
portal is vulnerable to
HTTP response splitting
<https://en.wikipedia.org/wiki/HTTP_response_splitting>. We are now on
deadline to fix this vulnerability or else face being shut down.
IS THERE NOTHING IN CKAN CONFIG OR SETTINGS THAT CAN HELP ELIMINATE THIS?
HTTP response splitting is a common means of attack and many applications
have native means to handle it.
I hope CKAN has a way to protect itself from this type of attack.
ANY INPUT WILL BE APPRECIATED.