6.7 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.8%
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.
osvdb.org/52295
secunia.com/advisories/34230
www.debian.org/security/2009/dsa-1735
www.openwall.com/lists/oss-security/2009/03/01/2
znc.svn.sourceforge.net/viewvc/znc/trunk/modules/webadmin.cpp?view=log&sortby=rev&sortdir=down&pathrev=1395
znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1395
znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1396