- Description
- CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
- Comment
- Per: http://cwe.mitre.org/data/definitions/93.html 'http://cwe.mitre.org/data/definitions/93.html'
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D18F091-C79E-4493-8D7C-79938C3784D2",
"versionEndIncluding": "1.1.2"
}
],
"operator": "OR"
}
]
}
]