Japan Vulnerability NotesJVN:63249231JVN#63249231: Cogent DataHub vulnerable to HTTP header injection
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.015 Low
EPSS
Percentile
87.0%
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability (also known as CRLF, carriage return line feed, injection vulnerability).
Impact
If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on the user’s web browser or an HTTP response splitting attack may be conducted.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Products Affected
- Cogent DataHub 7.1.2 and earlier
- OPC DataHub 6.4.20 and earlier
- Cascade DataHub V6.4.20 and earlier
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.015 Low
EPSS
Percentile
87.0%