Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3301

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3301
Last Modified 21 Aug 2012 12:00:00
Published 21 Aug 2012 06:46:10
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3301

Summary

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.

Vulnerable Systems

Application

  • Ibm Lotus Domino 8.5.0

  • Ibm Lotus Domino 8.5.0.1

  • Ibm Lotus Domino 8.5.1.1

  • Ibm Lotus Domino 8.5.1.2

  • Ibm Lotus Domino 8.5.1.3

  • Ibm Lotus Domino 8.5.1.4

  • Ibm Lotus Domino 8.5.1.5

  • Ibm Lotus Domino 8.5.2.0

  • Ibm Lotus Domino 8.5.2.1

  • Ibm Lotus Domino 8.5.2.2

  • Ibm Lotus Domino 8.5.2.3

  • Ibm Lotus Domino 8.5.2.4

  • Ibm Lotus Domino 8.5.3.0

  • Ibm Lotus Domino 8.5.3.1

  • Ibm Lotus Domino 8.5.3.2


References

XF - lotus-domino-response-splitting(77400)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21608160

MISC - http://websecurity.com.ua/5839/


Last Updated: 27 May 2016 10:57:36