CVE-2012-5057

Опубликовано: 04 июн. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.

Комментарий

Per: http://cwe.mitre.org/data/definitions/93.html

"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"

Ссылки

http://owncloud.org/about/security/advisories/CVE-2012-5057/
Vendor Advisory
http://owncloud.org/about/security/advisories/CVE-2012-5057/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*

Версия до 4.0.7 (включая)

cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00243

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2012-5057

ubuntu

больше 11 лет назад

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.

CVE-2012-5057

debian

больше 11 лет назад

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows re ...

GHSA-52r6-233g-595f

github

больше 3 лет назад

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.

EPSS

Процентиль: 47%

0.00243

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other