CVE-2007-2292

Published: Apr 26, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Affected (3)

Products: Microsoft: Internet Explorer · Mozilla: Firefox, Seamonkey

1 product

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7.0.5730.11
Mozilla Firefox	Up to 2.0.0.8
Mozilla Seamonkey	Up to 1.1.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (104)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: cve@mitre.org

http://secunia.com/advisories/27276

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27298

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27311

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27315

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27325

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27327

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27335

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27336

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27356

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27360

Source: cve@mitre.org

http://secunia.com/advisories/27383

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27387

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27403

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27414

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27425

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27480

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27665

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27680

Source: cve@mitre.org

http://secunia.com/advisories/28398

Source: cve@mitre.org

http://securityreason.com/securityalert/2654

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Source: cve@mitre.org

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1392

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1396

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1401

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

Source: cve@mitre.org

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2007/mfsa2007-31.html

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0979.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0980.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0981.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/466906/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482876/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482925/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482932/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23668

Source: cve@mitre.org

http://www.securitytracker.com/id?1017968

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-536-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3544

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3587

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0083

Source: cve@mitre.org

http://www.wisec.it/vulns.php?id=11

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=378787

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33981

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1858

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195

Source: cve@mitre.org

https://usn.ubuntu.com/535-1/

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742