Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1087

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-1087
Last Modified 05 Sep 2008 04:48:10
Published 07 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1087

Summary

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.

Vulnerable Systems

Application

  • An-httpd 1.42n


References

XF - an-httpd-logfile-character-injection(20031)

MISC - http://www.security.org.sg/vuln/anhttpd142n.html

OSVDB - 15362

SECTRACK - 1013666

SECUNIA - 14861


Last Updated: 27 May 2016 10:40:02