CVE-2012-5057 — CRLF Injection in Owncloud

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 52.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedJun 4

Latest updateMay 17

Description

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDowncloud/owncloud_server7 versions+6

▶NVDowncloud/owncloud4.0.7

🔴Vulnerability Details

GHSA

GHSA-52r6-233g-595f: CRLF injection vulnerability in ownCloud Server before 4↗2022-05-17

▶

CVEList

CVE-2012-5057: CRLF injection vulnerability in ownCloud Server before 4↗2014-06-04

▶