[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3200Date: (C)2015-06-11   (M)2023-12-22


mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
SECTRACK-1032405
BID-74813
FEDORA-2015-12250
FEDORA-2015-12252
http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
http://redmine.lighttpd.net/issues/2646
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://kc.mcafee.com/corporate/index?page=content&id=SB10310

CPE    1
cpe:/a:lighttpd:lighttpd
CWE    1
CWE-74
OVAL    2
oval:org.secpod.oval:def:109424
oval:org.secpod.oval:def:109400

© SecPod Technologies