CVE

CVE-2007-2292
Date: (C)2007-04-26   (M)2023-12-22


CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1017968
http://www.securityfocus.com/archive/1/466906/100/0/threaded
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
SUNALERT-201516
BID-23668
SREASON-2654
SECUNIA-27276
SECUNIA-27298
SECUNIA-27311
SECUNIA-27315
SECUNIA-27325
SECUNIA-27327
SECUNIA-27335
SECUNIA-27336
SECUNIA-27356
SECUNIA-27360
SECUNIA-27383
SECUNIA-27387
SECUNIA-27403
SECUNIA-27414
SECUNIA-27425
SECUNIA-27480
SECUNIA-27665
SECUNIA-27680
SECUNIA-28398
ADV-2007-3544
ADV-2007-3587
ADV-2008-0083
DSA-1392
DSA-1396
DSA-1401
FEDORA-2007-2601
FEDORA-2007-2664
FEDORA-2007-3431
GLSA-200711-14
HPSBUX02153
MDKSA-2007:202
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
SUSE-SA:2007:057
USN-535-1
USN-536-1
firefox-lf-response-splitting(33981)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://issues.rpath.com/browse/RPL-1858
oval:org.mitre.oval:def:10195

CPE    2
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-20

© SecPod Technologies