CVE-2012-3301

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.

Published: Aug 21, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3301
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
ibm / lotus_domino	8.5.2.4	8.5.2.4.x
ibm / lotus_domino	8.5.1.1	8.5.1.1.x
ibm / lotus_domino	8.5.1.4	8.5.1.4.x
ibm / lotus_domino	8.5.2.2	8.5.2.2.x
ibm / lotus_domino	8.5.2.1	8.5.2.1.x
ibm / lotus_domino	8.5.0.1	8.5.0.1.x
ibm / lotus_domino	8.5.3.0	8.5.3.0.x
ibm / lotus_domino	8.5.0	8.5.0.x
ibm / lotus_domino	8.5.1.2	8.5.1.2.x
ibm / lotus_domino	8.5.3.1	8.5.3.1.x
ibm / lotus_domino	8.5.2.3	8.5.2.3.x
ibm / lotus_domino	8.5.2.0	8.5.2.0.x
ibm / lotus_domino	8.5.3.2	8.5.3.2.x
ibm / lotus_domino	8.5.1.5	8.5.1.5.x
ibm / lotus_domino	8.5.1.3	8.5.1.3.x

Vulnerability Database

289,697

CVE-2012-3301