CVE-2008-1770

2008-06-0421:32:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.16

Percentile

96.0%

JSON

CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.

Affected configurations

Nvd

Node

akamaidownload_managerRange≤2.2.3.5

akamaidownload_managerMatch2.0.4.4

akamaidownload_managerMatch2.2.0.0

akamaidownload_managerMatch2.2.1.0

VendorProductVersionCPE
akamaidownload_manager*cpe:2.3:a:akamai:download_manager:*:*:*:*:*:*:*:*
akamaidownload_manager2.0.4.4cpe:2.3:a:akamai:download_manager:2.0.4.4:*:*:*:*:*:*:*
akamaidownload_manager2.2.0.0cpe:2.3:a:akamai:download_manager:2.2.0.0:*:*:*:*:*:*:*
akamaidownload_manager2.2.1.0cpe:2.3:a:akamai:download_manager:2.2.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
akamai	download_manager	*	cpe:2.3:a:akamai:download_manager::::::::
akamai	download_manager	2.0.4.4	cpe:2.3:a:akamai:download_manager:2.0.4.4:::::::*
akamai	download_manager	2.2.0.0	cpe:2.3:a:akamai:download_manager:2.2.0.0:::::::*
akamai	download_manager	2.2.1.0	cpe:2.3:a:akamai:download_manager:2.2.1.0:::::::*