Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6072

Опубликовано: 24 фев. 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudbees:jenkins:1.447.1.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.447.2.2:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.447.3.1:-:enterprise:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:cloudbees:jenkins:1.400:-:lts:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424:-:lts:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.447:-:lts:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
Версия до 1.466.2 (включая)
cpe:2.3:a:jenkins:jenkins:1.409.1:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.409.2:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.409.3:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424.1:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424.2:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424.3:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424.4:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424.5:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424.6:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.447.1:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.447.2:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.466.1:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:cloudbees:jenkins:1.466.1.2:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.466.2.1:-:enterprise:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:cloudbees:jenkins:*:*:*:*:*:*:*:*
Версия до 1.480.3.1 (включая)
cpe:2.3:a:jenkins:jenkins:1.400:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.401:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.402:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.403:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.404:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.405:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.406:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.407:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.408:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.409:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.410:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.411:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.412:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.413:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.414:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.415:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.416:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.417:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.418:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.419:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.420:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.421:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.422:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.423:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.424:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.425:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.426:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.427:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.428:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.429:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.430:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.431:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.432:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.433:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.434:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.435:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.436:*:*:*:*:*:*:*
cpe:2.3:a:jenkins:jenkins:1.437:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:cloudbees:jenkins:1.424.0.2:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.0.4:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.1.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.2.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.4.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.5.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.6.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:cloudbees:jenkins:1.424.6.11:-:enterprise:*:*:*:*:*

EPSS

Процентиль: 30%
0.00113
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2012-6072

ubuntu
почти 13 лет назад

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

redhat логотип

CVE-2012-6072

redhat
около 13 лет назад

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

debian логотип

CVE-2012-6072

debian
почти 13 лет назад

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...

github логотип

GHSA-2q8v-qx2x-hxjx

github
больше 3 лет назад

Jenkins allows HTTP Injection and Response Splitting

EPSS

Процентиль: 30%
0.00113
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20