PT-2018-4184 · Oxid · Oxid Eshop Enterprise Edition+2
Tomas Liubinas
·
Published
2018-01-18
·
Updated
2018-02-06
·
CVE-2014-2017
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OXID eShop Professional Edition versions 4.7.10 and earlier, 4.8.x before 4.8.4
OXID eShop Enterprise Edition versions 5.0.10 and earlier, 5.1.x before 5.1.4
OXID eShop Community Edition versions 4.7.10 and earlier, 4.8.x before 4.8.4
Description
The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
Recommendations
For OXID eShop Professional Edition versions 4.7.10 and earlier, update to version 4.7.11 or later.
For OXID eShop Professional Edition 4.8.x before 4.8.4, update to version 4.8.4 or later.
For OXID eShop Enterprise Edition versions 5.0.10 and earlier, update to version 5.0.11 or later.
For OXID eShop Enterprise Edition 5.1.x before 5.1.4, update to version 5.1.4 or later.
For OXID eShop Community Edition versions 4.7.10 and earlier, update to version 4.7.11 or later.
For OXID eShop Community Edition 4.8.x before 4.8.4, update to version 4.8.4 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oxid Eshop Community Edition
Oxid Eshop Enterprise Edition
Oxid Eshop Professional Edition