Lucene search

K
cvelistMitreCVELIST:CVE-2011-3000
HistorySep 29, 2011 - 12:00 a.m.

CVE-2011-3000

2011-09-2900:00:00
mitre
www.cve.org

9.4 High

AI Score

Confidence

High

0.201 Low

EPSS

Percentile

96.4%

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.