Lucene search

[email protected]NVD:CVE-2007-4190

HistoryAug 08, 2007 - 1:17 a.m.

CVE-2007-4190

2007-08-0801:17:00

CWE-74

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

joomlajoomla\!Range<1.0.13

VendorProductVersionCPE
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

osvdb.org/38739

secunia.com/advisories/26239

www.joomla.org/content/view/3677/1/

www.vupen.com/english/advisories/2007/2719

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

Related for NVD:CVE-2007-4190

cvelist1 prion1 osv1 github1 cve1 freebsd1 openvas2 nessus1