PT-2018-4184 · Oxid · Oxid Eshop Enterprise Edition+2

Tomas Liubinas

·

Publicado

2018-01-18

·

Atualizado

2018-02-06

·

CVE-2014-2017

CVSS v2.0

5.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions OXID eShop Professional Edition versions 4.7.10 and earlier, 4.8.x before 4.8.4 OXID eShop Enterprise Edition versions 5.0.10 and earlier, 5.1.x before 5.1.4 OXID eShop Community Edition versions 4.7.10 and earlier, 4.8.x before 4.8.4
Description The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Recommendations For OXID eShop Professional Edition versions 4.7.10 and earlier, update to version 4.7.11 or later. For OXID eShop Professional Edition 4.8.x before 4.8.4, update to version 4.8.4 or later. For OXID eShop Enterprise Edition versions 5.0.10 and earlier, update to version 5.0.11 or later. For OXID eShop Enterprise Edition 5.1.x before 5.1.4, update to version 5.1.4 or later. For OXID eShop Community Edition versions 4.7.10 and earlier, update to version 4.7.11 or later. For OXID eShop Community Edition 4.8.x before 4.8.4, update to version 4.8.4 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-93

Identificadores relacionados

CVE-2014-2017

Produtos afetados

Oxid Eshop Community Edition
Oxid Eshop Enterprise Edition
Oxid Eshop Professional Edition