ID CVE-2016-1900
Summary CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
References
Vulnerable Configurations
  • Fedora 22
    cpe:2.3:o:fedoraproject:fedora:22
  • cgit Project cgit 0.11.2
    cpe:2.3:a:cgit_project:cgit:0.11.2
CVSS
Base: 4.3 (as of 07-12-2016 - 14:02)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_62C0DBBDBFCE11E5B5FE002590263BF5.NASL
    description Jason A. Donenfeld reports: Reflected Cross Site Scripting and Header Injection in Mimetype Query String. Stored Cross Site Scripting and Header Injection in Filename Parameter. Integer Overflow resulting in Buffer Overflow.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 88028
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88028
    title FreeBSD : cgit -- multiple vulnerabilities (62c0dbbd-bfce-11e5-b5fe-002590263bf5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3545.NASL
    description Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90410
    published 2016-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90410
    title Debian DSA-3545-1 : cgit - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-86.NASL
    description This update to cgit 0.12 fixes the following issues:
      - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String
      - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter
      - CVE-2016-1901: Integer Overflow resulting in Buffer Overflow
      The bundled git version was updated to 2.7.0.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88399
    published 2016-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88399
    title openSUSE Security Update : cgit (openSUSE-2016-86)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-69.NASL
    description This update to cgit 0.12 fixes the following issues:
      - CVE-2016-1899: Reflected Cross Site Scripting and Header Injection in Mimetype Query String
      - CVE-2016-1900: Stored Cross Site Scripting and Header Injection in Filename Parameter
      - CVE-2016-1901: Integer Overflow resulting in Buffer Overflow
      The bundled git version was updated to 2.7.0.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88136
    published 2016-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88136
    title openSUSE Security Update : cgit (openSUSE-2016-69)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-215B507409.NASL
    description Update to 0.12. Fixes bug #1298912. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89492
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89492
    title Fedora 22 : cgit-0.12-1.fc22 (2016-215b507409)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E5A5FB196F.NASL
    description Update to 0.12. Fixes bug #1298912. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89631
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89631
    title Fedora 23 : cgit-0.12-1.fc23 (2016-e5a5fb196f)
refmap via4
confirm http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463
debian DSA-3545
fedora
  • FEDORA-2016-215b507409
  • FEDORA-2016-e5a5fb196f
mlist
  • [CGit] 20160113 XSS in cgit
  • [CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released
  • [oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities
  • [oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities
suse
  • openSUSE-SU-2016:0196
  • openSUSE-SU-2016:0218
Last major update 07-12-2016 - 13:33
Published 20-01-2016 - 11:59