Main Vulnerability Database Vulnerabilities #VU43055

Input validation error in Jenkins - CVE-2012-6072

Published: February 25, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU43055

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-6072

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jenkins

Affected software:
Jenkins

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

How to mitigate CVE-2012-6072

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2013-0220.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
https://bugzilla.redhat.com/show_bug.cgi?id=890607
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

Input validation error in Jenkins - CVE-2012-6072

Detailed vulnerability description

How to mitigate CVE-2012-6072

Sources

Please verify you're human