RCE in Cogentdatahub Cascade_datahub

CVE-2012-0310

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.011 (78.3th percentile) — read the EPSS interpretation.

Affected products

Cogentdatahub Cascade_datahub
Cogentdatahub Cogent_datahub — versions 7.0, 7.0.2, 7.1.0
Cogentdatahub Opc_datahub
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

51375 (vdb-entry, x_refsource_BID)
vultures@jpcert.or.jp (x_refsource_CONFIRM)
cogentdatahub-unspecified-header-injection(72306) (vdb-entry, x_refsource_XF)
vultures@jpcert.or.jp (x_refsource_MISC)
47525 (x_refsource_SECUNIA, third-party-advisory)
JVN#63249231 (x_refsource_JVN, third-party-advisory)
JVNDB-2012-000002 (x_refsource_JVNDB, third-party-advisory)
47496 (x_refsource_SECUNIA, third-party-advisory)