CVE-2009-1357

Published Apr 23, 2009

Last updated 6 years ago

CVSS info 6.8

Overview

Description: CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.2:-:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84FBFD6D-70D2-4068-A8FB-997F55962DBA"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.3:-:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DD69018-E00B-4A29-A1AD-0487756E763C"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.4:-:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42C7A680-F66F-44B7-85E6-910F92EBB94F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.2:-:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60880A55-685E-4079-8501-96734549AA45"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.3:-:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC59D17-A1A2-4D41-A163-270A33A0EE62"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.4:-:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C5A463D-99A0-413C-86C4-895696021474"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.2:-:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45ED4043-563B-49BB-A6CB-32109E7F0E28"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.3:-:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92BE2B12-7FA9-469F-8B91-D0D6C38E76F6"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_delegated_administrator:6.4:-:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ADC7E16-A2B6-43D7-BB99-9A48B9DE3449"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References