CVE-2007-2291 — CRLF Injection in Microsoft Internet Explorer
2 documents2 sources
Severity
7.5HIGHNVD
EPSS
40.4%
top 2.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 26
Latest updateMay 1
Description
CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages1 packages
🔴Vulnerability Details
1GHSA▶
GHSA-898q-fcfm-qrjw: CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7↗2022-05-01