CVE-2007-2550

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.

Published: May 9, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2550
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
devellion / cubecart	3.0.15	3.0.15.x

http://osvdb.org/36209
http://osvdb.org/36210
http://securityreason.com/securityalert/2678
http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1&showtopic=27418
http://www.securityfocus.com/archive/1/467828/100/0/threaded
http://www.securityfocus.com/archive/1/468053/100/0/threaded
http://www.securityfocus.com/bid/23852
https://exchange.xforce.ibmcloud.com/vulnerabilities/34141

Vulnerability Database

290,278

CVE-2007-2550