Lucene search

[email protected]CVE-2012-4023

HistoryNov 08, 2012 - 11:46 a.m.

CVE-2012-4023

2012-11-0811:46:24

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-4023

crlf injection

pebble

vulnerability

http headers

http response splitting

remote attackers

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.0%

JSON

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected configurations

NVD

Node

simon_brownpebbleRange≤2.6.3

simon_brownpebbleMatch1.0

simon_brownpebbleMatch1.1

simon_brownpebbleMatch1.2

simon_brownpebbleMatch1.3

simon_brownpebbleMatch1.4

simon_brownpebbleMatch1.4beta1

simon_brownpebbleMatch1.4beta2

simon_brownpebbleMatch1.4beta3

simon_brownpebbleMatch1.4.1

simon_brownpebbleMatch1.4.2

simon_brownpebbleMatch1.5

simon_brownpebbleMatch1.5beta1

simon_brownpebbleMatch1.5beta2

simon_brownpebbleMatch1.5.1

simon_brownpebbleMatch1.6beta3

simon_brownpebbleMatch1.7

simon_brownpebbleMatch1.7beta1

simon_brownpebbleMatch1.7.1

simon_brownpebbleMatch1.7.2

simon_brownpebbleMatch1.8

simon_brownpebbleMatch1.9

simon_brownpebbleMatch2.0

simon_brownpebbleMatch2.0.0m1

simon_brownpebbleMatch2.0.0m2

simon_brownpebbleMatch2.0.0m3

simon_brownpebbleMatch2.0.0rc1

simon_brownpebbleMatch2.0.0rc2

simon_brownpebbleMatch2.0.1

simon_brownpebbleMatch2.1

simon_brownpebbleMatch2.1rc1

simon_brownpebbleMatch2.2

simon_brownpebbleMatch2.3

simon_brownpebbleMatch2.3.1

simon_brownpebbleMatch2.3.2

simon_brownpebbleMatch2.4

simon_brownpebbleMatch2.4rc2

simon_brownpebbleMatch2.5

simon_brownpebbleMatch2.5m1

simon_brownpebbleMatch2.5m2

simon_brownpebbleMatch2.5rc1

simon_brownpebbleMatch2.5.1

simon_brownpebbleMatch2.5.2

simon_brownpebbleMatch2.5.3

simon_brownpebbleMatch2.6

simon_brownpebbleMatch2.6m1

simon_brownpebbleMatch2.6.1

simon_brownpebbleMatch2.6.2

CPENameOperatorVersion
simon_brown:pebblesimon brown pebblele2.6.3
simon_brown:pebblesimon brown pebbleeq1.0
simon_brown:pebblesimon brown pebbleeq1.1
simon_brown:pebblesimon brown pebbleeq1.2
simon_brown:pebblesimon brown pebbleeq1.3
simon_brown:pebblesimon brown pebbleeq1.4
simon_brown:pebblesimon brown pebbleeq1.4.1
simon_brown:pebblesimon brown pebbleeq1.4.2
simon_brown:pebblesimon brown pebbleeq1.5
simon_brown:pebblesimon brown pebbleeq1.5.1

CPE	Name	Operator	Version
simon_brown:pebble	simon brown pebble	le	2.6.3
simon_brown:pebble	simon brown pebble	eq	1.0
simon_brown:pebble	simon brown pebble	eq	1.1
simon_brown:pebble	simon brown pebble	eq	1.2
simon_brown:pebble	simon brown pebble	eq	1.3
simon_brown:pebble	simon brown pebble	eq	1.4
simon_brown:pebble	simon brown pebble	eq	1.4.1
simon_brown:pebble	simon brown pebble	eq	1.4.2
simon_brown:pebble	simon brown pebble	eq	1.5
simon_brown:pebble	simon brown pebble	eq	1.5.1

Rows per page:

1-10 of 321

References

jvn.jp/en/jp/JVN39563771/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000099

secunia.com/advisories/51102

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.0%

JSON

Related for CVE-2012-4023

prion1 nvd1 jvn1 cvelist1