Lucene search

[email protected]CVE-2007-2292

HistoryApr 26, 2007 - 8:19 p.m.

CVE-2007-2292

2007-04-2620:19:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-2292

crlf injection

vulnerability

mozilla firefox

http request splitting

nvd

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.072 Low

EPSS

Percentile

94.0%

JSON

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle2.0.0.8
mozilla:seamonkeymozilla seamonkeyle1.1.5
microsoft:internet_explorermicrosoft internet explorereq7.0.5730.11

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	2.0.0.8
mozilla:seamonkey	mozilla seamonkey	le	1.1.5
microsoft:internet_explorer	microsoft internet explorer	eq	7.0.5730.11

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

secunia.com/advisories/27276

secunia.com/advisories/27298

secunia.com/advisories/27311

secunia.com/advisories/27315

secunia.com/advisories/27325

secunia.com/advisories/27327

secunia.com/advisories/27335

secunia.com/advisories/27336

secunia.com/advisories/27356

secunia.com/advisories/27360

secunia.com/advisories/27383

secunia.com/advisories/27387

secunia.com/advisories/27403

secunia.com/advisories/27414

secunia.com/advisories/27425

secunia.com/advisories/27480

secunia.com/advisories/27665

secunia.com/advisories/27680

secunia.com/advisories/28398

securityreason.com/securityalert/2654

sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

www.debian.org/security/2007/dsa-1392

www.debian.org/security/2007/dsa-1396

www.debian.org/security/2007/dsa-1401

www.gentoo.org/security/en/glsa/glsa-200711-14.xml

www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

www.mozilla.org/security/announce/2007/mfsa2007-31.html

www.novell.com/linux/security/advisories/2007_57_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0979.html

www.redhat.com/support/errata/RHSA-2007-0980.html

www.redhat.com/support/errata/RHSA-2007-0981.html

www.securityfocus.com/archive/1/466906/100/0/threaded

www.securityfocus.com/archive/1/482876/100/200/threaded

www.securityfocus.com/archive/1/482925/100/0/threaded

www.securityfocus.com/archive/1/482932/100/200/threaded

www.securityfocus.com/bid/23668

www.securitytracker.com/id?1017968

www.ubuntu.com/usn/usn-536-1

www.vupen.com/english/advisories/2007/3544

www.vupen.com/english/advisories/2007/3587

www.vupen.com/english/advisories/2008/0083

www.wisec.it/vulns.php?id=11

bugzilla.mozilla.org/show_bug.cgi?id=378787

exchange.xforce.ibmcloud.com/vulnerabilities/33981

issues.rpath.com/browse/RPL-1858

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195

usn.ubuntu.com/535-1/

www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.072 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2007-2292

ubuntucve1 veracode1 mozilla1 prion1 seebug1 securityvulns2 openvas28 gentoo1 nessus31 oraclelinux3 fedora4 debian3 centos4 redhat3 osv3 ubuntu2 suse1