CVE-2012-0310

{"id": "CVE-2012-0310", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-13T04:14:39.037", "references": [{"url": "http://jvn.jp/en/jp/JVN63249231/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000002", "source": "vultures@jpcert.or.jp"}, {"url": "http://secunia.com/advisories/47496", "source": "vultures@jpcert.or.jp"}, {"url": "http://secunia.com/advisories/47525", "source": "vultures@jpcert.or.jp"}, {"url": "http://www.cogentdatahub.com/ReleaseNotes.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://www.securityfocus.com/bid/51375", "source": "vultures@jpcert.or.jp"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf", "source": "vultures@jpcert.or.jp"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72306", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de CRLF en Cogent DataHub v7.1.2 y anteriores, Cascade DataHub v6.4.20 y anteriores, y OPC DataHub v6.4.20 y anteriores permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-29T01:30:54.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cogentdatahub:cascade_datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24329477-5153-4C83-A1D2-36DCB2D89285", "versionEndIncluding": "6.4.20"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD844135-43CF-45C0-A483-A3F807F4B5A2", "versionEndIncluding": "7.1.2"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2DE7A08-D283-4EB3-BAAE-0BA4A8C2E088"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66059E64-6EB2-4F9D-BCB3-099A01C9E72A"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05AAB16-437D-4A4E-892B-9B83E47FEC24"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65D16B36-567F-499D-AC7B-D2CC85AD9327"}, {"criteria": "cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8EC08FD-5473-4DB6-9828-8D007FE1E5FC"}, {"criteria": "cpe:2.3:a:cogentdatahub:opc_datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51115EB4-98E2-45A2-80AB-8168292F9879", "versionEndIncluding": "6.4.20"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}