Vulnerability Description
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Domino | 8.5.0 |
Related Weaknesses (CWE)
References
- http://websecurity.com.ua/5839/
- http://www-01.ibm.com/support/docview.wss?uid=swg21608160
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77400
- http://websecurity.com.ua/5839/
- http://www-01.ibm.com/support/docview.wss?uid=swg21608160
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77400
FAQ
What is CVE-2012-3301?
CVE-2012-3301 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks vi...
How severe is CVE-2012-3301?
CVE-2012-3301 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3301?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Domino.