oss-security - NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Mon, 4 May 2015 15:31:02 +0800
From: Jing Wang <justqdjing@...il.com>
To: oss-security@...ts.openwall.com
Subject: NetCat CMS Multiple HTTP Response Splitting (CRLF) Security
 Vulnerabilities - CVE Request

Hello,

Could you assign a CVE reference ID for the following vulnerability?
Thank you very much.

http://seclists.org/fulldisclosure/2015/Mar/36
http://packetstormsecurity.com/files/130721/NetCat-CMS-5.01-Header-Injection.html
http://www.osvdb.org/show/osvdb/119342
http://www.osvdb.org/show/osvdb/119343
http://tetraph.com/security/http-response-splitting-vulnerability/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/



========

Exploit Title:
NetCat CMS Multiple CRLF Web Security Vulnerabilities

Product:
NetCat

Vendor:
NetCat

Vendor Link:
http://netcat.ru/

Vulnerable Versions:
 5.01   3.12   3.0   2.4   2.3   2.2   2.1   2.0   1.1

Tested Versions:
3.12

========

Best Regards,
Wang Jing

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.