CVE-2005-1087

Sažetak

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.

Reference

http://secunia.com/advisories/14861
http://securitytracker.com/id?1013666
http://www.osvdb.org/15362
http://www.security.org.sg/vuln/anhttpd142n.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/20031

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

07-04-2005 - 04:00