QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2550

Published: May 9, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

20070505 UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

20070509 Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_OSVDB

http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1&showtopic=27418

x_refsource_CONFIRM

cubecart-cart-index-crlf-header-injection(34141)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.