CRLF Injection

2020-04-1000:58:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

thunderbird and firefox are vulnerable to CRLF injection. A remote attacker is able to bypass intended access restrictions using a string containing a newline \n character.

CPENameOperatorVersion
thunderbirdeq2.0.0.24__10.el5_5
thunderbirdeq1.5.0.12__34.el4
thunderbirdeq1.5.0.12__38.el4
thunderbirdeq2.0.0.18__1.el5
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq3.1.9__3.el6_0
thunderbirdeq1.5.0.9__0.1.el4
thunderbirdeq1.5.0.12__36.el4
thunderbirdeq1.5.0.12__30.el4
thunderbirdeq2.0.0.24__8.el5

Name	Operator	Version
thunderbird	eq	2.0.0.24__10.el5_5
thunderbird	eq	1.5.0.12__34.el4
thunderbird	eq	1.5.0.12__38.el4
thunderbird	eq	2.0.0.18__1.el5
thunderbird	eq	1.5.0.5__0.el4.2
thunderbird	eq	3.1.9__3.el6_0
thunderbird	eq	1.5.0.9__0.1.el4
thunderbird	eq	1.5.0.12__36.el4
thunderbird	eq	1.5.0.12__30.el4
thunderbird	eq	2.0.0.24__8.el5