Vulnerability Description
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 7.0.5730.11 |
| Mozilla | Firefox | <= 2.0.0.8 |
| Mozilla | Seamonkey | <= 1.1.5 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/27276 (Vendor Advisory)
- http://secunia.com/advisories/27298 (Vendor Advisory)
- http://secunia.com/advisories/27311 (Vendor Advisory)
- http://secunia.com/advisories/27315 (Vendor Advisory)
- http://secunia.com/advisories/27325 (Vendor Advisory)
- http://secunia.com/advisories/27327 (Vendor Advisory)
- http://secunia.com/advisories/27335 (Vendor Advisory)
- http://secunia.com/advisories/27336 (Vendor Advisory)
- http://secunia.com/advisories/27356 (Vendor Advisory)
- http://secunia.com/advisories/27360
- http://secunia.com/advisories/27383 (Vendor Advisory)
- http://secunia.com/advisories/27387 (Vendor Advisory)
- http://secunia.com/advisories/27403 (Vendor Advisory)
- http://secunia.com/advisories/27414 (Vendor Advisory)
FAQ
What is CVE-2007-2292?
CVE-2007-2292 is a vulnerability with a CVSS score of 4.3 (MEDIUM). CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF...
How severe is CVE-2007-2292?
CVE-2007-2292 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-2292?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Mozilla Firefox, Mozilla Seamonkey.