CVE

CVE-2007-2292

Date: (C)2007-04-26   (M)2017-10-12 


CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE





Reference:
SECTRACK-1017968
http://www.securityfocus.com/archive/1/archive/1/466906/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/482932/100/200/threaded
SUNALERT-201516
BID-23668
SREASON-2654
SECUNIA-27276
SECUNIA-27298
SECUNIA-27311
SECUNIA-27315
SECUNIA-27325
SECUNIA-27327
SECUNIA-27335
SECUNIA-27336
SECUNIA-27356
SECUNIA-27360
SECUNIA-27383
SECUNIA-27387
SECUNIA-27403
SECUNIA-27414
SECUNIA-27425
SECUNIA-27480
SECUNIA-27665
SECUNIA-27680
SECUNIA-28398
ADV-2007-3544
ADV-2007-3587
ADV-2008-0083
DSA-1392
DSA-1396
DSA-1401
FEDORA-2007-2601
FEDORA-2007-2664
FEDORA-2007-3431
GLSA-200711-14
HPSBUX02153
MDKSA-2007:202
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
SSRT061181
SUSE-SA:2007:057
USN-535-1
USN-536-1
firefox-lf-response-splitting(33981)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://issues.rpath.com/browse/RPL-1858

CPE    3
cpe:/a:mozilla:firefox:2.0.0.8
cpe:/a:mozilla:seamonkey:1.1.5
cpe:/a:microsoft:ie:7.0.5730.11
CWE    1
CWE-20

© 2013 SecPod Technologies