CVE-2007-2292

Microsoft Internet Explorer < 2.0.0.8 - Improper Input Validation

Title source: rule
STIX 2.1

Description

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

References (52)

Core 52
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482876/100/200/threaded
Various Sources x_refsource_misc
http://www.wisec.it/vulns.php?id=11
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017968
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3587
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27414
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482925/100/0/threaded
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1858
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27360
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27298
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27315
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27327
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3544
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27276
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/535-1/
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1401
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1392
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0980.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27383
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27356
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0981.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27387
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23668
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27403
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27336
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1396
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27425
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28398
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33981
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27311
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27325
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27665
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0979.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466906/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27335
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27480
Issue Tracking x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27680
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2654
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482932/100/200/threaded
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-536-1

Scores

EPSS 0.1274
EPSS Percentile 95.8%

Details

CWE
CWE-20
Status published
Products (3)
microsoft/internet_explorer 7.0.5730.11
mozilla/firefox < 2.0.0.8
mozilla/seamonkey < 1.1.5
Published Apr 26, 2007
Tracked Since Feb 18, 2026