Vulnerability CVE-2007-0892


Published: 2007-02-12   Modified: 2012-02-12

Description:
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

Type:

CWE-93

(Improper Neutralization of CRLF Sequences ('CRLF Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Matthieu aubry -> Phpmyvisites 

 References:
http://marc.info/?l=full-disclosure&m=117121596803908&w=2
http://www.securityfocus.com/archive/1/459792/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32428

Copyright 2024, cxsecurity.com

 

Back to Top