CVE-2003-1338
Published Dec 31, 2003
Last updated 14 years ago
Overview
- Description
- CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/93.html 'http://cwe.mitre.org/data/definitions/93.html'
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D18F091-C79E-4493-8D7C-79938C3784D2",
"versionEndIncluding": "1.1.2"
}
],
"operator": "OR"
}
]
}
]