CoSign CHECK Command cosign Cookie Variable CRLF Injection

ID OSVDB:34833
Type osvdb
Reporter OSVDB
Modified 2007-03-28T05:03:58


Solution Description

Upgrade to version 2.0.2a, 1.9.4b or higher, as it has been reported to fix this vulnerability. In addition, Cosign has released a patch for some older versions.


Vendor URL: Vendor Specific News/Changelog Entry: Secunia Advisory ID:24845 Related OSVDB ID: 34834 Mail List Post: FrSIRT Advisory: ADV-2007-1359 CVE-2007-2232