Vulnerability Description
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| An | An-Httpd | 1.42n |
References
- http://secunia.com/advisories/14861Vendor Advisory
- http://securitytracker.com/id?1013666Vendor Advisory
- http://www.osvdb.org/15362Vendor Advisory
- http://www.security.org.sg/vuln/anhttpd142n.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20031
- http://secunia.com/advisories/14861Vendor Advisory
- http://securitytracker.com/id?1013666Vendor Advisory
- http://www.osvdb.org/15362Vendor Advisory
- http://www.security.org.sg/vuln/anhttpd142n.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20031
FAQ
What is CVE-2005-1087?
CVE-2005-1087 is a vulnerability with a CVSS score of 6.4 (MEDIUM). CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, ...
How severe is CVE-2005-1087?
CVE-2005-1087 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1087?
Check the references section above for vendor advisories and patch information. Affected products include: An An-Httpd.