Lucene search

[email protected]CVE-2010-3913

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3913

2022-10-0316:20:55

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-3913

crlf injection

transware active! mail

remote attackers

http headers

http response splitting

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

NVD

Node

transwareactive\!_mailRange≤6.40.010047750

CPENameOperatorVersion
transware:active\!_mailtransware active! maille6.40.010047750

CPE	Name	Operator	Version
transware:active\!_mail	transware active! mail	le	6.40.010047750

References

jvn.jp/en/jp/JVN72541530/index.html

jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000050.html

secunia.com/advisories/42039

www.osvdb.org/68943

www.transware.co.jp/security/am0610001.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2010-3913

cvelist1 nvd1 jvn1 prion1