Lucene search

[email protected]CVE-2013-2652

HistoryNov 02, 2013 - 6:55 p.m.

CVE-2013-2652

2013-11-0218:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-2652

crlf injection

webcollab

http response splitting

vulnerability

7.1 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter.

CPENameOperatorVersion
andrew_simpson:webcollabandrew simpson webcollabeq1.70
andrew_simpson:webcollabandrew simpson webcollabeq1.31
andrew_simpson:webcollabandrew simpson webcollabeq1.40
andrew_simpson:webcollabandrew simpson webcollable3.30
andrew_simpson:webcollabandrew simpson webcollabeq2.00
andrew_simpson:webcollabandrew simpson webcollabeq1.62a
andrew_simpson:webcollabandrew simpson webcollabeq1.71a
andrew_simpson:webcollabandrew simpson webcollabeq1.81
andrew_simpson:webcollabandrew simpson webcollabeq2.71
andrew_simpson:webcollabandrew simpson webcollabeq2.61

CPE	Name	Operator	Version
andrew_simpson:webcollab	andrew simpson webcollab	eq	1.70
andrew_simpson:webcollab	andrew simpson webcollab	eq	1.31
andrew_simpson:webcollab	andrew simpson webcollab	eq	1.40
andrew_simpson:webcollab	andrew simpson webcollab	le	3.30
andrew_simpson:webcollab	andrew simpson webcollab	eq	2.00
andrew_simpson:webcollab	andrew simpson webcollab	eq	1.62a
andrew_simpson:webcollab	andrew simpson webcollab	eq	1.71a
andrew_simpson:webcollab	andrew simpson webcollab	eq	1.81
andrew_simpson:webcollab	andrew simpson webcollab	eq	2.71
andrew_simpson:webcollab	andrew simpson webcollab	eq	2.61

Rows per page:

1-10 of 371

References

archives.neohapsis.com/archives/bugtraq/2013-10/0117.html

osvdb.org/98768

packetstormsecurity.com/files/123771/WebCollab-3.30-HTTP-Response-Splitting.html

secunia.com/advisories/55235

secunia.com/advisories/55295

sourceforge.net/p/webcollab/mailman/message/31536457/

www.securityfocus.com/bid/63247

exchange.xforce.ibmcloud.com/vulnerabilities/88177

7.1 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2013-2652

prion1 openvas1 securityvulns2 packetstorm1