CVE-2008-2497

UNRATEDRemote code exec

Description

CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected products

mambo-foundation / mambo4.6.4

References

VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/1660/references
MISChttp://www.securityfocus.com/bid/29373
MISChttp://forum.mambo-foundation.org/showthread.php?t=11799
VENDOR_ADVISORYhttp://secunia.com/advisories/30343
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/42645