Main Vulnerability Database Vulnerabilities #VU43351

Input validation error in pebble - CVE-2012-4023

Published: November 8, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43351

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-4023

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: cockroachdb

Affected software:
pebble

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

How to mitigate CVE-2012-4023

Install update from vendor's website.

Sources

http://jvn.jp/en/jp/JVN39563771/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000099
http://secunia.com/advisories/51102

Input validation error in pebble - CVE-2012-4023

Detailed vulnerability description

How to mitigate CVE-2012-4023

Sources

Please verify you're human