CVE-2007-2292 Information
Description
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (0a) bytes in the username attribute.
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securityreason.com/securityalert/2654
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.debian.org/security/2007/dsa-1392
http://www.debian.org/security/2007/dsa-1396
http://www.debian.org/security/2007/dsa-1401
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.securityfocus.com/archive/1/466906/100/0/threaded
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.securityfocus.com/bid/23668
http://www.securitytracker.com/id?1017968
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://exchange.xforce.ibmcloud.com/vulnerabilities/33981
https://issues.rpath.com/browse/RPL-1858
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10195
https://usn.ubuntu.com/535-1/
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html