CVE-2007-0892

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=full-disclosure&m=117121596803908&w=2	Third Party Advisory
http://osvdb.org/33177	Broken Link
http://www.securityfocus.com/archive/1/459792/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32428

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:matthieu_aubry:phpmyvisites::::::::
	cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:::::::*

History

No history.

Information

Published : 2007-02-12 23:28

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0892

Mitre link : CVE-2007-0892

CVE.ORG link : CVE-2007-0892

JSON object : View

Products Affected

matthieu_aubry

phpmyvisites

CWE

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

{"id": "CVE-2007-0892", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-12T23:28:00.000", "references": [{"url": "http://marc.info/?l=full-disclosure&m=117121596803908&w=2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33177", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/459792/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32428", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-93"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with \"FILE:\"."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en phpMyVisites anterior a 2.2 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y conducir respuestas HTTP dividiendo ataques a trav\u00e9s de secuencias CRLF en el par\u00e1metro url, cuando el par\u00e1metro pagename comienza con \"FILE:\"."}], "lastModified": "2018-10-16T16:35:05.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3EA8EE-BB15-477E-8264-F0A7A08C57A7", "versionEndIncluding": "2.1"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B94A2BE-746A-4306-A255-AA7687D63433"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10F69FD-5578-4D84-98D5-30C2FF951A57"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94EE3865-3F82-4607-B73F-3FC8EFCB4DD1"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EBB328F-120A-4C98-94A7-4643BE7C23DE"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "183D3FFD-A4CB-42C8-978E-1608387CECD4"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74EB894E-25B8-4E74-83DF-741B27D739A7"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4753A788-14D5-438D-AB16-E1DA0E6A1934"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA73BFE8-81FF-4D4F-B290-05FBE6CF9BFA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}