CVE-2012-4023

Pebble < 2.6.4 - CRLF Injection via HTTP Header Manipulation

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN39563771/index.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51102
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000099

Scores

EPSS 0.0117
EPSS Percentile 63.6%

Details

CWE
CWE-20
Status published
Products (32)
simon_brown/pebble 1.0
simon_brown/pebble 1.1
simon_brown/pebble 1.2
simon_brown/pebble 1.3
simon_brown/pebble 1.4 (4 CPE variants)
simon_brown/pebble 1.4.1
simon_brown/pebble 1.4.2
simon_brown/pebble 1.5 (3 CPE variants)
simon_brown/pebble 1.5.1
simon_brown/pebble 1.6 beta3
... and 22 more
Published Nov 08, 2012
Tracked Since Feb 18, 2026