CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
References
Link | Resource |
---|---|
http://secunia.com/advisories/14861 | Vendor Advisory |
http://securitytracker.com/id?1013666 | Vendor Advisory |
http://www.osvdb.org/15362 | Vendor Advisory |
http://www.security.org.sg/vuln/anhttpd142n.html | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/20031 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-04-13T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-04-13T00:00:00
Link: CVE-2005-1087
JSON object: View
NVD Information
Status : Modified
Published: 2005-04-07T04:00:00.000
Modified: 2017-07-11T01:32:31.547
Link: CVE-2005-1087
JSON object: View
Redhat Information
No data.
CWE