CVE-2014-2017

Published: Jan 18, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected (6)

Products: Oxidforge: Eshop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oxidforge Eshop	Before 4.7.11
Oxidforge Eshop	From 4.8.0 to 4.8.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Oxidforge Eshop	Before 5.0.11
Oxidforge Eshop	From 5.1.0 to 5.1.4

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Oxidforge Eshop	Before 4.7.11
Oxidforge Eshop	From 4.8.0 to 4.8.4

Related CWEs

Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References (4)

https://bugs.oxid-esales.com/view.php?id=5635

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://oxidforge.org/en/security-bulletin-2014-002.html

Source: cve@mitre.org

PatchVendor Advisory

https://bugs.oxid-esales.com/view.php?id=5635

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://oxidforge.org/en/security-bulletin-2014-002.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.