Lucene search

[email protected]CVE-2003-1338

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2003-1338

2022-10-0316:15:42

[email protected]

web.nvd.nist.gov

crlf injection

aprelium abyss web server

http response splitting

cve-2003-1338

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.4%

JSON

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.

Affected configurations

NVD

Node

aprelium_technologiesabyss_web_serverRange≤1.1.2

CPENameOperatorVersion
aprelium_technologies:abyss_web_serveraprelium technologies abyss web serverle1.1.2

CPE	Name	Operator	Version
aprelium_technologies:abyss_web_server	aprelium technologies abyss web server	le	1.1.2

References

archives.neohapsis.com/archives/bugtraq/2003-06/0235.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2003-1338

cvelist1 nvd1