Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0310

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2012-0310
Last Modified 30 Jan 2012 11:08:54
Published 12 Jan 2012 11:14:39
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0310

Summary

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Systems

Application

  • Cogentdatahub Cascade Datahub 6.4.20

  • Cogentdatahub Cogent Datahub 7.0

  • Cogentdatahub Cogent Datahub 7.0.2

  • Cogentdatahub Cogent Datahub 7.1.0

  • Cogentdatahub Cogent Datahub 7.1.1

  • Cogentdatahub Cogent Datahub 7.1.1.63

  • Cogentdatahub Cogent Datahub 7.1.2

  • Cogentdatahub Opc Datahub 6.4.20


References

CONFIRM - http://www.cogentdatahub.com/ReleaseNotes.html

JVNDB - JVNDB-2012-000002

JVN - JVN#63249231

XF - cogentdatahub-unspecified-header-injection(72306)

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf

BID - 51375

SECUNIA - 47525

SECUNIA - 47496


Last Updated: 27 May 2016 10:57:19