Lucene search

[email protected]CVE-2008-2497

HistoryMay 28, 2008 - 3:32 p.m.

CVE-2008-2497

2008-05-2815:32:00

CWE-94

[email protected]

web.nvd.nist.gov

crlf injection

vulnerability

mambo

http headers

http response splitting

attack

remote

cve-2008-2497

nvd

7.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CPENameOperatorVersion
mambo-foundation:mambomambo-foundation mambole4.6.4

CPE	Name	Operator	Version
mambo-foundation:mambo	mambo-foundation mambo	le	4.6.4

References

forum.mambo-foundation.org/showthread.php?t=11799

secunia.com/advisories/30343

www.securityfocus.com/bid/29373

www.vupen.com/english/advisories/2008/1660/references

exchange.xforce.ibmcloud.com/vulnerabilities/42645

7.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2008-2497

prion1 cvelist1