CVE-2012-5057

EUVD-2012-4980
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
owncloudowncloud
𝑥
≤ 4.0.7
owncloudowncloud_server
4.0.0
owncloudowncloud_server
4.0.1
owncloudowncloud_server
4.0.2
owncloudowncloud_server
4.0.3
owncloudowncloud_server
4.0.4
owncloudowncloud_server
4.0.5
owncloudowncloud_server
4.0.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
owncloud
lucid
dne
precise
not-affected
saucy
not-affected
trusty
dne
References
http://owncloud.org/about/security/advisories/CVE-2012-5057/
http://owncloud.org/about/security/advisories/CVE-2012-5057/