CVE-2012-6072
Jenkins < 1.491 - CRLF Injection and HTTP Response Splitting
Title source: llmDescription
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0220.html
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=890607
Vendor Advisory x_refsource_confirm
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
Scores
EPSS
0.0010
EPSS Percentile
27.1%
Details
CWE
CWE-20
Status
published
Products (50)
cloudbees/jenkins
1.447.1.1
cloudbees/jenkins
1.447.2.2
cloudbees/jenkins
1.447.3.1
cloudbees/jenkins
1.400
cloudbees/jenkins
1.424
cloudbees/jenkins
1.447
cloudbees/jenkins
1.466.1.2
cloudbees/jenkins
1.466.2.1
cloudbees/jenkins
1.424.0.2
cloudbees/jenkins
1.424.0.4
... and 40 more
Published
Feb 24, 2013
Tracked Since
Feb 18, 2026