gsd - gsd-2008-0202

gsd-2008-0202

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.

Aliases

CVE-2008-0202

Aliases

CVE-2008-0202

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0202",
    "description": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.",
    "id": "GSD-2008-0202"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0202"
      ],
      "details": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.",
      "id": "GSD-2008-0202",
      "modified": "2023-12-13T01:22:58.240482Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0202",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27128",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27128"
          },
          {
            "name": "http://websecurity.com.ua/1454/",
            "refsource": "MISC",
            "url": "http://websecurity.com.ua/1454/"
          },
          {
            "name": "http://securityvulns.ru/Sdocument472.html",
            "refsource": "MISC",
            "url": "http://securityvulns.ru/Sdocument472.html"
          },
          {
            "name": "20080103 securityvulns.com russian vulnerabilities digest",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
          },
          {
            "name": "20080103 securityvulns.com russian vulnerabilities digest",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
          },
          {
            "name": "3539",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3539"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0202"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080103 securityvulns.com russian vulnerabilities digest",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
            },
            {
              "name": "http://securityvulns.ru/Sdocument472.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://securityvulns.ru/Sdocument472.html"
            },
            {
              "name": "http://websecurity.com.ua/1454/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://websecurity.com.ua/1454/"
            },
            {
              "name": "3539",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3539"
            },
            {
              "name": "27128",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27128"
            },
            {
              "name": "20080103 securityvulns.com russian vulnerabilities digest",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:58Z",
      "publishedDate": "2008-01-10T00:46Z"
    }
  }
}

CVE-2008-0202 (GCVE-0-2008-0202)

Vulnerability from cvelistv5

Published

2008-01-10 00:00

Modified

2024-08-07 07:39

Severity ?

CWE

Summary

References

►

URL

Tags

	http://www.securityfocus.com/bid/27128	vdb-entry, x_refsource_BID
	http://websecurity.com.ua/1454/	x_refsource_MISC
	http://securityvulns.ru/Sdocument472.html	x_refsource_MISC
	http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html	mailing-list, x_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/485786/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securityreason.com/securityalert/3539	third-party-advisory, x_refsource_SREASON

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website