Lucene search

[email protected]CVE-2007-4398

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4398

2007-08-1821:17:00

[email protected]

web.nvd.nist.gov

crlf injection

vulnerability

now-playing.rb

xmms.pl

weechat

remote attackers

irc commands

cve-2007-4398

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.9%

JSON

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Affected configurations

NVD

Node

irssiirssiRange≤0.8.10rc5

CPENameOperatorVersion
irssi:irssiirssile0.8.10rc5

CPE	Name	Operator	Version
irssi:irssi	irssi	le	0.8.10rc5

References

git.sv.gnu.org/gitweb/?p=weechat/scripts.git%3Ba=commit%3Bh=7429c29a2fab6d7493c0188b5f631a7c2ae1533d

git.sv.gnu.org/gitweb/?p=weechat/scripts.git%3Ba=commit%3Bh=76f7f7b502352ba2b823e3388a2ca88840fd1945

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html

osvdb.org/39564

osvdb.org/39565

secunia.com/advisories/26457

secunia.com/advisories/26490

securityreason.com/securityalert/3036

wouter.coekaerts.be/site/security/nowplaying

www.securityfocus.com/archive/1/476283/100/0/threaded

www.securityfocus.com/bid/25281

exchange.xforce.ibmcloud.com/vulnerabilities/35985

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2007-4398

cvelist1 nvd1 ubuntucve1 prion1 debiancve1