CVE-2008-0202

CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:expressionengine:expressionengine:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html -
References () http://securityreason.com/securityalert/3539 - () http://securityreason.com/securityalert/3539 -
References () http://securityvulns.ru/Sdocument472.html - () http://securityvulns.ru/Sdocument472.html -
References () http://websecurity.com.ua/1454/ - () http://websecurity.com.ua/1454/ -
References () http://www.securityfocus.com/archive/1/485786/100/0/threaded - () http://www.securityfocus.com/archive/1/485786/100/0/threaded -
References () http://www.securityfocus.com/bid/27128 - () http://www.securityfocus.com/bid/27128 -

Information

Published : 2008-01-10 00:46

Updated : 2024-11-21 00:41


NVD link : CVE-2008-0202

Mitre link : CVE-2008-0202

CVE.ORG link : CVE-2008-0202


JSON object : View

Products Affected

expressionengine

  • expressionengine
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')