CVE-2007-4190

Опубликовано: 08 авг. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Ссылки

http://osvdb.org/38739
Broken Link
http://secunia.com/advisories/26239
Patch
Vendor Advisory
http://www.joomla.org/content/view/3677/1/
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2719
Third Party Advisory
http://osvdb.org/38739
Broken Link
http://secunia.com/advisories/26239
Patch
Vendor Advisory
http://www.joomla.org/content/view/3677/1/
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2719
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Версия до 1.0.13 (исключая)

EPSS

Процентиль: 3%

0.00016

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-h22q-g2c7-2jwj

github

почти 4 года назад

Joomla! vulnerable to CRLF injection