CVE Vulnerability

CVE-2007-4190

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.joomla.org/content/view/3677/1/ Vendor Advisory
http://secunia.com/advisories/26239 Patch Vendor Advisory
http://osvdb.org/38739 Broken Link
http://www.vupen.com/english/advisories/2007/2719 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*
Information

Published : 2007-08-08 01:17

Updated : 2021-10-01 03:03

NVD link : CVE-2007-4190

Mitre link : CVE-2007-4190

Products Affected
No products.
CWE
CWE-74