CVE-2012-0310

Sažetak

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Reference

http://jvn.jp/en/jp/JVN63249231/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002
http://secunia.com/advisories/47496
http://secunia.com/advisories/47525
http://www.cogentdatahub.com/ReleaseNotes.html
http://www.securityfocus.com/bid/51375
http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72306

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:30

Objavljeno

13-01-2012 - 04:14