Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.9 views

Siemens RUGGEDCOM RST2428P Improper Access Control (CVE-2025-60876)

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS7.1AI score0.00258EPSS
Exploits1References3
OSV
OSV
added 2025/11/10 8:15 p.m.7 views

AZL-69985 CVE-2025-60876 affecting package busybox 1.35.0-18

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS5.7AI score0.00258EPSS
Exploits1References1
OSV
OSV
added 2025/11/10 8:15 p.m.3 views

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.2 views

PT-2025-46190

Name of the Vulnerable Software and Affected Versions BusyBox versions through 1.3.7 Description The software accepts raw CR 0x0D/LF 0x0A and other C0 control bytes within the HTTP request-target path/query. This allows an attacker to split the request line and inject controlled headers...

7.2CVSS6.5AI score0.02793EPSS
Exploits6References37
Rows per page
Query Builder