Lucene search

[email protected]CVE-2016-4803

HistoryJun 30, 2016 - 5:59 p.m.

CVE-2016-4803

2016-06-3017:59:06

[email protected]

web.nvd.nist.gov

cve-2016-4803

crlf injection

dotcms

email functionality

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.3%

JSON

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Affected configurations

NVD

Node

dotcmsdotcmsRange≤3.3.1

CPENameOperatorVersion
dotcms:dotcmsdotcmsle3.3.1

CPE	Name	Operator	Version
dotcms:dotcms	dotcms	le	3.3.1

References

seclists.org/fulldisclosure/2016/May/69

www.securityfocus.com/bid/91529

dotcms.com/docs/latest/change-log#release-3.3.2

security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2016-4803

nvd1 packetstorm1 cvelist1 prion1 openvas1