Lucene search

MitreCVE-2017-1000247

HistoryNov 17, 2017 - 4:29 a.m.

CVE-2017-1000247

2017-11-1704:29:00

CWE-20

mitre

web.nvd.nist.gov

cve-2017-1000247

british columbia institute of technology

codeigniter

http header injection

apache

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

36.5%

JSON

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.

Affected configurations

Nvd

Node

codeignitercodeigniterMatch3.1.3

VendorProductVersionCPE
codeignitercodeigniter3.1.3cpe:2.3:a:codeigniter:codeigniter:3.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
codeigniter	codeigniter	3.1.3	cpe:2.3:a:codeigniter:codeigniter:3.1.3:::::::*

References

www.codeigniter.com/userguide3/changelog.html#version-3-1-4

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

36.5%

JSON

Related for CVE-2017-1000247