1. Home
  2. Vulnerabilities
  3. CVE-2007-2292

CVE-2007-2292

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 8.94 % (95th)
8.94% Progress
Affected Products 3
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2007-04-26 20:19:00
(17 years ago)
Updated Date
2021-07-23 15:05:45
(3 years ago)

Affected Products

Microsoft

Mozilla

Configuration #1

    CPE23 From Up To
  Microsoft Internet Explorer 7.0.5730.11 cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11
  Mozilla Firefox 2.0.0.8 and prior versions cpe:2.3:a:mozilla:firefox <= 2.0.0.8
  Mozilla Seamonkey 1.1.5 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.5