6.4

CVE-2012-5486

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PlonePlone Version <= 4.2.2
PlonePlone Version1.0
PlonePlone Version1.0.1
PlonePlone Version1.0.2
PlonePlone Version1.0.3
PlonePlone Version1.0.4
PlonePlone Version1.0.5
PlonePlone Version1.0.6
PlonePlone Version2.0
PlonePlone Version2.0.1
PlonePlone Version2.0.2
PlonePlone Version2.0.3
PlonePlone Version2.0.4
PlonePlone Version2.0.5
PlonePlone Version2.1
PlonePlone Version2.1.1
PlonePlone Version2.1.2
PlonePlone Version2.1.3
PlonePlone Version2.1.4
PlonePlone Version2.5
PlonePlone Version2.5.1
PlonePlone Version2.5.2
PlonePlone Version2.5.3
PlonePlone Version2.5.4
PlonePlone Version2.5.5
PlonePlone Version3.0
PlonePlone Version3.0.1
PlonePlone Version3.0.2
PlonePlone Version3.0.3
PlonePlone Version3.0.4
PlonePlone Version3.0.5
PlonePlone Version3.0.6
PlonePlone Version3.1
PlonePlone Version3.1.1
PlonePlone Version3.1.2
PlonePlone Version3.1.3
PlonePlone Version3.1.4
PlonePlone Version3.1.5.1
PlonePlone Version3.1.6
PlonePlone Version3.1.7
PlonePlone Version3.2
PlonePlone Version3.2.1
PlonePlone Version3.2.2
PlonePlone Version3.2.3
PlonePlone Version3.3
PlonePlone Version3.3.1
PlonePlone Version3.3.2
PlonePlone Version3.3.3
PlonePlone Version3.3.4
PlonePlone Version3.3.5
PlonePlone Version4.0
PlonePlone Version4.0.1
PlonePlone Version4.0.2
PlonePlone Version4.0.3
PlonePlone Version4.0.4
PlonePlone Version4.0.5
PlonePlone Version4.0.6.1
PlonePlone Version4.1
PlonePlone Version4.1.4
PlonePlone Version4.1.5
PlonePlone Version4.1.6
PlonePlone Version4.2
PlonePlone Version4.2 Updatea1
PlonePlone Version4.2 Updatea2
PlonePlone Version4.2 Updateb1
PlonePlone Version4.2 Updateb2
PlonePlone Version4.2 Updaterc1
PlonePlone Version4.2 Updaterc2
PlonePlone Version4.2.0.1
PlonePlone Version4.2.1
PlonePlone Version4.2.1.1
PlonePlone Version4.3
ZopeZope Version2.5.1
ZopeZope Version2.6.1
ZopeZope Version2.6.4
ZopeZope Version2.7.0
ZopeZope Version2.7.3
ZopeZope Version2.7.4
ZopeZope Version2.7.5
ZopeZope Version2.7.6
ZopeZope Version2.7.7
ZopeZope Version2.7.8
ZopeZope Version2.8.1
ZopeZope Version2.8.4
ZopeZope Version2.8.6
ZopeZope Version2.8.8
ZopeZope Version2.9.2
ZopeZope Version2.9.3
ZopeZope Version2.9.4
ZopeZope Version2.9.5
ZopeZope Version2.9.6
ZopeZope Version2.9.7
ZopeZope Version2.10.3
ZopeZope Version2.10.8
ZopeZope Version2.11.0
ZopeZope Version2.11.1
ZopeZope Version2.11.2
ZopeZope Version2.11.3
ZopeZope Version2.13.18
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.721
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P