Lucene search

MitreCVE-2003-1338

HistorySep 23, 2007 - 11:00 p.m.

CVE-2003-1338

2007-09-2323:00:00

mitre

web.nvd.nist.gov

crlf injection

aprelium abyss web server

http response splitting

cve-2003-1338

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

57.8%

JSON

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.

Affected configurations

Nvd

Node

aprelium_technologiesabyss_web_serverRange≤1.1.2

VendorProductVersionCPE
aprelium_technologiesabyss_web_server*cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aprelium_technologies	abyss_web_server	*	cpe:2.3:a:aprelium_technologies:abyss_web_server::::::::

References

archives.neohapsis.com/archives/bugtraq/2003-06/0235.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

57.8%

JSON

Related for CVE-2003-1338