CVE-2007-2550
Summary
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
- LOW
- NETWORK
- NONE
- PARTIAL
- NONE
- NONE
References
Advisory Timeline
- Published