QwikSec

Security Database

CVE

CWE

Training

CVE-2013-7299

Published: Jan 26, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525

x_refsource_CONFIRM

[oss-security] 20140118 Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2

mailing-list

x_refsource_MLIST

FEDORA-2014-1619

vendor-advisory

x_refsource_FEDORA

[oss-security] 20140118 CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown

x_refsource_CONFIRM

cxxtools-cve20137299-session-hijacking(90565)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.