CVE-2016-1900 - OpenCVE

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cgit Project	Cgit
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html
http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html	Patch
http://www.debian.org/security/2016/dsa-3545
http://www.openwall.com/lists/oss-security/2016/01/14/3	Patch
http://www.openwall.com/lists/oss-security/2016/01/14/6

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-20T16:00:00

Updated: 2016-12-05T14:57:01

Reserved: 2016-01-14T00:00:00

Link: CVE-2016-1900

JSON object: View

NVD Information

Status : Modified

Published: 2016-01-20T16:59:04.910

Modified: 2016-12-07T18:33:08.980

Link: CVE-2016-1900

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "[CGit] 20160113 XSS in cgit", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"name": "FEDORA-2016-e5a5fb196f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"name": "openSUSE-SU-2016:0196", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1900", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "refsource": "MLIST", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "[CGit] 20160113 XSS in cgit", "refsource": "MLIST", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"name": "FEDORA-2016-e5a5fb196f", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"name": "openSUSE-SU-2016:0196", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"name": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463", "refsource": "CONFIRM", "url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1900", "datePublished": "2016-01-20T16:00:00", "dateReserved": "2016-01-14T00:00:00", "dateUpdated": "2016-12-05T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF3ADACB-C9F2-4EFB-8B07-AADA98BE5FA8", "versionEndIncluding": "0.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en la funci\u00f3n cgit_print_http_headers en ui-shared.c en CGit en versiones anteriores a 0.12 permite a atacantes remotos con permisos para escribir en un repositorio inyectar cabeceras HTTP arbitrarias y realizar ataques de separaci\u00f3n de respuesta HTTP o ataques XSS a trav\u00e9s de caracteres de nueva l\u00ednea en un nombre de archivo."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "id": "CVE-2016-1900", "lastModified": "2016-12-07T18:33:08.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-20T16:59:04.910", "references": [{"source": "cve@mitre.org", "url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"source": "cve@mitre.org", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3545"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}