Lucene search

[email protected]CVE-2016-4803

HistoryJun 30, 2016 - 5:59 p.m.

CVE-2016-4803

2016-06-3017:59:06

[email protected]

web.nvd.nist.gov

cve-2016-4803

crlf injection

dotcms

email functionality

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Affected configurations

NVD

Node

dotcmsdotcmsRange≤3.3.1

CPENameOperatorVersion
dotcms:dotcmsdotcmsle3.3.1

CPE	Name	Operator	Version
dotcms:dotcms	dotcms	le	3.3.1

References

seclists.org/fulldisclosure/2016/May/69

www.securityfocus.com/bid/91529

dotcms.com/docs/latest/change-log#release-3.3.2

security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for CVE-2016-4803

packetstorm1 nvd1 prion1 cvelist1 openvas1