Description
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
References
- Vendor Advisory
- Patch
- Patch
- Patch, Vendor Advisory
- Exploit
- Patch, Vendor Advisory
- Vendor Advisory
- Patch
- Patch
- Patch, Vendor Advisory
- Exploit
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:sun:java_system_delegated_administrator:6.2:-:sparc:*:*:*:*:*
cpe:2.3:a:sun:java_system_delegated_administrator:6.3:-:sparc:*:*:*:*:*
cpe:2.3:a:sun:java_system_delegated_administrator:6.4:-:sparc:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:sun:java_system_delegated_administrator:6.2:-:x86:*:*:*:*:*
cpe:2.3:a:sun:java_system_delegated_administrator:6.3:-:x86:*:*:*:*:*
cpe:2.3:a:sun:java_system_delegated_administrator:6.4:-:x86:*:*:*:*:*
Configuration 3
One of
cpe:2.3:a:sun:java_system_delegated_administrator:6.2:-:linux:*:*:*:*:*
cpe:2.3:a:sun:java_system_delegated_administrator:6.3:-:linux:*:*:*:*:*
cpe:2.3:a:sun:java_system_delegated_administrator:6.4:-:linux:*:*:*:*:*
EPSS
Percentile: 96%
0.22907
Medium
6.8 Medium
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
github
almost 4 years ago
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
EPSS
Percentile: 96%
0.22907
Medium
6.8 Medium
CVSS2
Weaknesses
CWE-20