CVE-2012-0310
Published 2012-01-13
CVE-2012-0310: CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote…
Priority: P4 · 29 · medium · 5.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS: 1.51% (71.3th percentile)
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cogentdatahub | cascade_datahub | <= 6.4.20 | — |
| cogentdatahub | cogent_datahub | <= 7.1.2 | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | opc_datahub | <= 6.4.20 | — |
CVSS provenance
nvd · v2.0 · 5.8 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:P
vendor_redhat · 3.3 · LOW
GHSA
GHSA-qpcg-8mgq-66pr: CRLF injection vulnerability in Cogent DataHub 7
ghsa_unreviewed·2022-05-04
CVE-2012-0310 [MEDIUM] CWE-94 GHSA-qpcg-8mgq-66pr: CRLF injection vulnerability in Cogent DataHub 7
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CISA ICS
Cogent DataHub XSS and CRLF
cisa_ics·2013-04-17
Cogent DataHub XSS and CRLF
ICS Advisory
Last Revised: April 17, 2013
Alert Code: ICSA-12-016-01
## Overview
ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Time Systems Inc. has produced a patch that resolves these vulnerabilities.
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. re
Red Hat
nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
vendor_redhat·2011-04-19·CVSS 3.3
CVE-2011-1749 [LOW] nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Statement: This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 as it did not include mount.nfs. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0310 and RHSA-2011:1534 respectively.
Package: nfs-utils (Red Hat Enterprise Linux 4) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/en/jp/JVN63249231/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002
http://secunia.com/advisories/47496
http://secunia.com/advisories/47525
http://www.cogentdatahub.com/ReleaseNotes.html
http://www.securityfocus.com/bid/51375
http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72306
Published: 2012-01-13