FKIE_CVE-2012-3301

Vulnerability from fkie_nvd - Published: 2012-08-21 10:46 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
References
psirt@us.ibm.comhttp://websecurity.com.ua/5839/
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21608160
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77400
af854a3a-2127-422b-91ae-364da2661108http://websecurity.com.ua/5839/
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21608160
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77400
Impacted products
Vendor Product Version
ibm lotus_domino 8.5.0
ibm lotus_domino 8.5.0.1
ibm lotus_domino 8.5.1.1
ibm lotus_domino 8.5.1.2
ibm lotus_domino 8.5.1.3
ibm lotus_domino 8.5.1.4
ibm lotus_domino 8.5.1.5
ibm lotus_domino 8.5.2.0
ibm lotus_domino 8.5.2.1
ibm lotus_domino 8.5.2.2
ibm lotus_domino 8.5.2.3
ibm lotus_domino 8.5.2.4
ibm lotus_domino 8.5.3.0
ibm lotus_domino 8.5.3.1
ibm lotus_domino 8.5.3.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en el servidor HTTP en IBM Lotus Domino v8.5.x anterior a v8.5.4 permite a atacantes remotos  inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuesta que involucran (1)Mozilla Firefox v3.0.9 y anteriores o (2) otros navegadores no especificados."
    }
  ],
  "id": "CVE-2012-3301",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-21T10:46:10.700",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://websecurity.com.ua/5839/"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://websecurity.com.ua/5839/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.