Описание
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-2550
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34141
- http://osvdb.org/36209
- http://osvdb.org/36210
- http://securityreason.com/securityalert/2678
- http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1&showtopic=27418
- http://www.securityfocus.com/archive/1/467828/100/0/threaded
- http://www.securityfocus.com/archive/1/468053/100/0/threaded
- http://www.securityfocus.com/bid/23852
EPSS
CVE ID
Связанные уязвимости
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
EPSS