CVE-2007-2291 - CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.

CVE-2007-2291

Summary

CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.

References

http://www.wisec.it/vulns.php?id=11
http://www.securityfocus.com/bid/23668
http://www.securitytracker.com/id?1017969
http://securityreason.com/securityalert/2654
https://exchange.xforce.ibmcloud.com/vulnerabilities/33978
http://www.securityfocus.com/archive/1/466906/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 15:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	23668
bugtraq	20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting
misc	http://www.wisec.it/vulns.php?id=11
sectrack	1017969
sreason	2654
xf	ie-lf-response-splitting(33978)

Last major update

23-07-2021 - 15:05

Published

26-04-2007 - 20:19

Last modified

23-07-2021 - 15:05