CVE-2007-2550 Information

Feb 14, 2021 cve

Description

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with \ccSID\ to (1) cart.php or (2) index.php.

Reference

http://osvdb.org/36209 http://osvdb.org/36210 http://securityreason.com/securityalert/2678 http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1&showtopic=27418 http://www.securityfocus.com/archive/1/467828/100/0/threaded http://www.securityfocus.com/archive/1/468053/100/0/threaded http://www.securityfocus.com/bid/23852 https://exchange.xforce.ibmcloud.com/vulnerabilities/34141

Share on: