Lucene search

[email protected]NVD:CVE-2007-0892

HistoryFeb 12, 2007 - 11:28 p.m.

CVE-2007-0892

2007-02-1223:28:00

CWE-93

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.013

Percentile

85.8%

JSON

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with “FILE:”.

Affected configurations

Nvd

Node

matthieu_aubryphpmyvisitesRange≤2.1

matthieu_aubryphpmyvisitesMatch0.1_beta

matthieu_aubryphpmyvisitesMatch1.0

matthieu_aubryphpmyvisitesMatch1.1

matthieu_aubryphpmyvisitesMatch1.2

matthieu_aubryphpmyvisitesMatch1.2.1

matthieu_aubryphpmyvisitesMatch1.2.2

matthieu_aubryphpmyvisitesMatch1.2_beta

matthieu_aubryphpmyvisitesMatch1.3

VendorProductVersionCPE
matthieu_aubryphpmyvisites*cpe:2.3:a:matthieu_aubry:phpmyvisites:*:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites0.1_betacpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.0cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.1cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.2cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.2.1cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.2.2cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.2_betacpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:*:*:*:*:*:*:*
matthieu_aubryphpmyvisites1.3cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
matthieu_aubry	phpmyvisites	*	cpe:2.3:a:matthieu_aubry:phpmyvisites::::::::
matthieu_aubry	phpmyvisites	0.1_beta	cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:::::::*
matthieu_aubry	phpmyvisites	1.0	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:::::::*
matthieu_aubry	phpmyvisites	1.1	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:::::::*
matthieu_aubry	phpmyvisites	1.2	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:::::::*
matthieu_aubry	phpmyvisites	1.2.1	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:::::::*
matthieu_aubry	phpmyvisites	1.2.2	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:::::::*
matthieu_aubry	phpmyvisites	1.2_beta	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:::::::*
matthieu_aubry	phpmyvisites	1.3	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:::::::*

References

marc.info/?l=full-disclosure&m=117121596803908&w=2

osvdb.org/33177

www.securityfocus.com/archive/1/459792/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/32428

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.013

Percentile

85.8%

JSON

Related for NVD:CVE-2007-0892

cve1 prion1 cvelist1 securityvulns1