CVE-2012-3301

EPSS 0.26%
Veröffentlicht 21.08.2012 10:46:10
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Lotus Domino Version8.5.0

Ibm ≫ Lotus Domino Version8.5.0.1

Ibm ≫ Lotus Domino Version8.5.1.1

Ibm ≫ Lotus Domino Version8.5.1.2

Ibm ≫ Lotus Domino Version8.5.1.3

Ibm ≫ Lotus Domino Version8.5.1.4

Ibm ≫ Lotus Domino Version8.5.1.5

Ibm ≫ Lotus Domino Version8.5.2.0

Ibm ≫ Lotus Domino Version8.5.2.1

Ibm ≫ Lotus Domino Version8.5.2.2

Ibm ≫ Lotus Domino Version8.5.2.3

Ibm ≫ Lotus Domino Version8.5.2.4

Ibm ≫ Lotus Domino Version8.5.3.0

Ibm ≫ Lotus Domino Version8.5.3.1

Ibm ≫ Lotus Domino Version8.5.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.488

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://websecurity.com.ua/5839/

http://www-01.ibm.com/support/docview.wss?uid=swg21608160

https://exchange.xforce.ibmcloud.com/vulnerabilities/77400

https://nvd.nist.gov/vuln/detail/CVE-2012-3301

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3301

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3301

EUVD