CVE-2015-0881

Опубликовано: 20 фев. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

Комментарий

CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

Ссылки

http://jvn.jp/en/jp/JVN64455813/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019
Vendor Advisory
http://jvn.jp/en/jp/JVN64455813/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия до 3.1.0.18 (включая)

EPSS

Процентиль: 89%

0.04383

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2015-0881

ubuntu

почти 11 лет назад

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

CVE-2015-0881

redhat

почти 11 лет назад

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

CVE-2015-0881

debian

почти 11 лет назад

CRLF injection vulnerability in Squid before 3.1.1 allows remote attac ...

GHSA-wp8h-3f2r-jqrj

github

больше 3 лет назад

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

EPSS

Процентиль: 89%

0.04383

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other