Lucene search
HistorySep 30, 2014 - 2:55 p.m.
CVE-2012-5486
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.012
Percentile
85.0%
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Affected configurations
Node
ploneploneRange≤4.2.2
ORploneploneMatch1.0
ORploneploneMatch1.0.1
ORploneploneMatch1.0.2
ORploneploneMatch1.0.3
ORploneploneMatch1.0.4
ORploneploneMatch1.0.5
ORploneploneMatch1.0.6
ORploneploneMatch2.0
ORploneploneMatch2.0.1
ORploneploneMatch2.0.2
ORploneploneMatch2.0.3
ORploneploneMatch2.0.4
ORploneploneMatch2.0.5
ORploneploneMatch2.1
ORploneploneMatch2.1.1
ORploneploneMatch2.1.2
ORploneploneMatch2.1.3
ORploneploneMatch2.1.4
ORploneploneMatch2.5
ORploneploneMatch2.5.1
ORploneploneMatch2.5.2
ORploneploneMatch2.5.3
ORploneploneMatch2.5.4
ORploneploneMatch2.5.5
ORploneploneMatch3.0
ORploneploneMatch3.0.1
ORploneploneMatch3.0.2
ORploneploneMatch3.0.3
ORploneploneMatch3.0.4
ORploneploneMatch3.0.5
ORploneploneMatch3.0.6
ORploneploneMatch3.1
ORploneploneMatch3.1.1
ORploneploneMatch3.1.2
ORploneploneMatch3.1.3
ORploneploneMatch3.1.4
ORploneploneMatch3.1.5.1
ORploneploneMatch3.1.6
ORploneploneMatch3.1.7
ORploneploneMatch3.2
ORploneploneMatch3.2.1
ORploneploneMatch3.2.2
ORploneploneMatch3.2.3
ORploneploneMatch3.3
ORploneploneMatch3.3.1
ORploneploneMatch3.3.2
ORploneploneMatch3.3.3
ORploneploneMatch3.3.4
ORploneploneMatch3.3.5
ORploneploneMatch4.0
ORploneploneMatch4.0.1
ORploneploneMatch4.0.2
ORploneploneMatch4.0.3
ORploneploneMatch4.0.4
ORploneploneMatch4.0.5
ORploneploneMatch4.0.6.1
ORploneploneMatch4.1
ORploneploneMatch4.1.4
ORploneploneMatch4.1.5
ORploneploneMatch4.1.6
ORploneploneMatch4.2
ORploneploneMatch4.2a1
ORploneploneMatch4.2a2
ORploneploneMatch4.2b1
ORploneploneMatch4.2b2
ORploneploneMatch4.2rc1
ORploneploneMatch4.2rc2
ORploneploneMatch4.2.0.1
ORploneploneMatch4.2.1
ORploneploneMatch4.2.1.1
ORploneploneMatch4.3
Node
zopezopeMatch2.5.1
ORzopezopeMatch2.6.1
ORzopezopeMatch2.6.4
ORzopezopeMatch2.7.0
ORzopezopeMatch2.7.3
ORzopezopeMatch2.7.4
ORzopezopeMatch2.7.5
ORzopezopeMatch2.7.6
ORzopezopeMatch2.7.7
ORzopezopeMatch2.7.8
ORzopezopeMatch2.8.1
ORzopezopeMatch2.8.4
ORzopezopeMatch2.8.6
ORzopezopeMatch2.8.8
ORzopezopeMatch2.9.2
ORzopezopeMatch2.9.3
ORzopezopeMatch2.9.4
ORzopezopeMatch2.9.5
ORzopezopeMatch2.9.6
ORzopezopeMatch2.9.7
ORzopezopeMatch2.10.3
ORzopezopeMatch2.10.8
ORzopezopeMatch2.11.0
ORzopezopeMatch2.11.1
ORzopezopeMatch2.11.2
ORzopezopeMatch2.11.3
ORzopezopeMatch2.13.18
Related
osv
osv
PYSEC-2014-28
2014-09-30 14:55:00
PYSEC-2014-73
2014-09-30 14:55:00
HTTP header injection in Plone and Zope2
2018-07-23 19:51:50
prion
prion
Code injection
2014-09-30 14:55:00
cvelist
cvelist
CVE-2012-5486
2014-09-30 14:00:00
github
github
HTTP header injection in Plone and Zope2
2018-07-23 19:51:50
cve
cve
CVE-2012-5486
2014-09-30 14:55:05
nessus
nessus
Oracle Linux 5 : conga (ELSA-2014-1194)
2014-09-18 00:00:00
RHEL 5 : conga (RHSA-2014:1194)
2014-11-08 00:00:00
CentOS 5 : conga (CESA-2014:1194)
2014-10-01 00:00:00
centos
centos
luci, ricci security update
2014-09-30 11:21:33
veracode
veracode
Information Disclosure
2019-05-02 05:04:02
Access Restriction Bypass
2019-05-02 05:04:02
openvas
openvas
Oracle: Security Advisory (ELSA-2014-1194)
2015-10-06 00:00:00
CentOS Update for luci CESA-2014:1194 centos5
2014-10-01 00:00:00
redhat
redhat
(RHSA-2014:1194) Moderate: conga security and bug fix update
2014-09-16 00:00:00
oraclelinux
oraclelinux
conga security and bug fix update
2014-09-17 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.012
Percentile
85.0%
Related for NVD:CVE-2012-5486