Lucene search

MitreCVE-2007-2550

HistoryMay 09, 2007 - 10:19 a.m.

CVE-2007-2550

2007-05-0910:19:00

mitre

web.nvd.nist.gov

cve-2007-2550

crlf injection

devellion cubecart

security vulnerability

http response splitting

remote attack

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.041

Percentile

92.2%

JSON

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with “ccSID” to (1) cart.php or (2) index.php.

Affected configurations

Nvd

Node

devellioncubecartMatch3.0.15

VendorProductVersionCPE
devellioncubecart3.0.15cpe:2.3:a:devellion:cubecart:3.0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
devellion	cubecart	3.0.15	cpe:2.3:a:devellion:cubecart:3.0.15:::::::*

References

osvdb.org/36209

osvdb.org/36210

securityreason.com/securityalert/2678

www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1&showtopic=27418

www.securityfocus.com/archive/1/467828/100/0/threaded

www.securityfocus.com/archive/1/468053/100/0/threaded

www.securityfocus.com/bid/23852

exchange.xforce.ibmcloud.com/vulnerabilities/34141

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.041

Percentile

92.2%

JSON

Related for CVE-2007-2550