CVE-2014-2017
published 2018-01-18CVE-2014-2017: CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4…
PriorityP339medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.40%
82.0th percentile
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oxidforge | eshop | < 4.7.11 | 4.7.11 |
| oxidforge | eshop | < 5.0.11 | 5.0.11 |
| oxidforge | eshop | >= 4.8.0 < 4.8.4 | 4.8.4 |
| oxidforge | eshop | >= 5.1.0 < 5.1.4 | 5.1.4 |
| zabbix | zabbix | >= 0 < 1:2.2.2+dfsg-1ubuntu1+esm4 | 1:2.2.2+dfsg-1ubuntu1+esm4 |
| zabbix | zabbix | >= 0 < 1:2.4.7+dfsg-2ubuntu2.1+esm3 | 1:2.4.7+dfsg-2ubuntu2.1+esm3 |
| zabbix | zabbix | >= 0 < 1:3.0.12+dfsg-1ubuntu0.1~esm3 | 1:3.0.12+dfsg-1ubuntu0.1~esm3 |
| zabbix | zabbix | >= 0 < 1:4.0.17+dfsg-1ubuntu0.1~esm1 | 1:4.0.17+dfsg-1ubuntu0.1~esm1 |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
zabbix vulnerabilities
osv·2022-06-15·CVSS 9.8
CVE-2020-11800 zabbix vulnerabilities
zabbix vulnerabilities
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inp
GHSA
GHSA-hr5v-c6v7-wv78: CRLF injection vulnerability in OXID eShop Professional Edition before 4
ghsa_unreviewed·2022-05-14
CVE-2014-2017 [MEDIUM] CWE-93 GHSA-hr5v-c6v7-wv78: CRLF injection vulnerability in OXID eShop Professional Edition before 4
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
No detection rules found.
2018-01-18
Published