Lucene search

[email protected]NVD:CVE-2024-40324

HistoryJul 25, 2024 - 8:15 p.m.

CVE-2024-40324

2024-07-2520:15:05

CWE-74

CWE-93

CWE-113

[email protected]

web.nvd.nist.gov

crlf injection

e-staff v5.1

http response splitting

header manipulation

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

Affected configurations

Nvd

Node

datex-softe-staffMatch5.1

VendorProductVersionCPE
datex-softe-staff5.1cpe:2.3:a:datex-soft:e-staff:5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
datex-soft	e-staff	5.1	cpe:2.3:a:datex-soft:e-staff:5.1:::::::*

References

github.com/aleksey-vi/CVE-2024-40324

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-40324

cvelist1 cve1 vulnrichment1