CVE-2005-1087

Опубликовано: 07 апр. 2005

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.

Ссылки

http://secunia.com/advisories/14861
Vendor Advisory
http://securitytracker.com/id?1013666
Vendor Advisory
http://www.osvdb.org/15362
Vendor Advisory
http://www.security.org.sg/vuln/anhttpd142n.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/20031
http://secunia.com/advisories/14861
Vendor Advisory
http://securitytracker.com/id?1013666
Vendor Advisory
http://www.osvdb.org/15362
Vendor Advisory
http://www.security.org.sg/vuln/anhttpd142n.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/20031

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:an:an-httpd:1.42n:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04248

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-826q-6vv7-58g6

github

почти 4 года назад