Lucene search

[email protected]CVE-2007-4190

HistoryAug 08, 2007 - 1:17 a.m.

CVE-2007-4190

2007-08-0801:17:00

CWE-74

[email protected]

web.nvd.nist.gov

cve-2007-4190

joomla

sunglow

http response splitting

crlf injection

xss

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

joomlajoomla\!Range<1.0.13

CPENameOperatorVersion
joomla:joomla\!joomla joomla!lt1.0.13

CPE	Name	Operator	Version
joomla:joomla\!	joomla joomla!	lt	1.0.13

References

osvdb.org/38739

secunia.com/advisories/26239

www.joomla.org/content/view/3677/1/

www.vupen.com/english/advisories/2007/2719

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2007-4190

prion1 osv1 cvelist1 nvd1 github1 openvas2 nessus1 freebsd1