CVE-2007-5615

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
http://www.kb.cert.org/vuls/id/212984	US Government Resource
http://www.securityfocus.com/bid/26696
http://secunia.com/advisories/27925
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
http://secunia.com/advisories/30941
http://osvdb.org/42495
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/35143

Configurations

Configuration 1 (hide)

cpe:2.3:a:mortbay_jetty:jetty:*:*:*:*:*:*:*:*

Information

Published : 2007-12-05 03:46

Updated : 2009-06-09 22:09

NVD link : CVE-2007-5615

Mitre link : CVE-2007-5615

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

mortbay_jetty

jetty

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt", "name": "http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/212984", "name": "VU#212984", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/26696", "name": "26696", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/27925", "name": "27925", "tags": [], "refsource": "SECUNIA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html", "name": "FEDORA-2008-6164", "tags": [], "refsource": "FEDORA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html", "name": "FEDORA-2008-6141", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/30941", "name": "30941", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/42495", "name": "42495", "tags": [], "refsource": "OSVDB"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "name": "SUSE-SR:2009:004", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/35143", "name": "35143", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5615", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-12-05T11:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mortbay_jetty:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.1.6rc0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-06-10T05:09Z"}

5.0 /10