Lucene search

[email protected]CVE-2005-1087

HistoryApr 13, 2005 - 4:00 a.m.

CVE-2005-1087

2005-04-1304:00:00

[email protected]

web.nvd.nist.gov

crlf injection

cmdis.dll

an httpd server

vulnerability

remote attackers

logfile

file reading

security

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.031 Low

EPSS

Percentile

91.1%

JSON

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.

Affected configurations

NVD

Node

anan-httpdMatch1.42n

CPENameOperatorVersion
an:an-httpdan an-httpdeq1.42n

CPE	Name	Operator	Version
an:an-httpd	an an-httpd	eq	1.42n

References

secunia.com/advisories/14861

securitytracker.com/id?1013666

www.osvdb.org/15362

www.security.org.sg/vuln/anhttpd142n.html

exchange.xforce.ibmcloud.com/vulnerabilities/20031

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2005-1087

cvelist1 nvd1