4.3

CVE-2007-2292

EPSS 1.54%
Veröffentlicht 26.04.2007 20:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 55

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version7.0.5730.11

Mozilla ≫ Firefox Version <= 2.0.0.8

Mozilla ≫ Seamonkey Version <= 1.1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.54%	0.796

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.vupen.com/english/advisories/2008/0083

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://secunia.com/advisories/27298

Vendor Advisory

http://secunia.com/advisories/27335

Vendor Advisory

http://secunia.com/advisories/27383

Vendor Advisory

http://secunia.com/advisories/27387

Vendor Advisory

http://secunia.com/advisories/27403

Vendor Advisory

http://secunia.com/advisories/27414

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482932/100/200/threaded

http://www.ubuntu.com/usn/usn-536-1

http://www.vupen.com/english/advisories/2007/3544

https://issues.rpath.com/browse/RPL-1858

https://usn.ubuntu.com/535-1/

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

http://secunia.com/advisories/27276

Vendor Advisory

http://secunia.com/advisories/27311

Vendor Advisory

http://secunia.com/advisories/27315

Vendor Advisory

http://secunia.com/advisories/27325

Vendor Advisory

http://secunia.com/advisories/27327

Vendor Advisory

http://secunia.com/advisories/27336

Vendor Advisory

http://secunia.com/advisories/27356

Vendor Advisory

http://secunia.com/advisories/27360

http://secunia.com/advisories/27425

Vendor Advisory

http://secunia.com/advisories/27480

Vendor Advisory

http://secunia.com/advisories/27665

Vendor Advisory

http://secunia.com/advisories/27680

http://secunia.com/advisories/28398

http://www.debian.org/security/2007/dsa-1392

http://www.debian.org/security/2007/dsa-1396

http://www.debian.org/security/2007/dsa-1401

http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

http://www.redhat.com/support/errata/RHSA-2007-0979.html

http://www.redhat.com/support/errata/RHSA-2007-0980.html

http://www.redhat.com/support/errata/RHSA-2007-0981.html

http://www.vupen.com/english/advisories/2007/3587

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

http://securityreason.com/securityalert/2654

http://www.securityfocus.com/archive/1/466906/100/0/threaded

http://www.securityfocus.com/bid/23668

http://www.wisec.it/vulns.php?id=11

http://www.mozilla.org/security/announce/2007/mfsa2007-31.html

http://www.securitytracker.com/id?1017968

https://bugzilla.mozilla.org/show_bug.cgi?id=378787

https://exchange.xforce.ibmcloud.com/vulnerabilities/33981

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195

https://nvd.nist.gov/vuln/detail/CVE-2007-2292

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2292

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2292

EUVD