CVE-2016-4803 - Email Header Injection vulnerability in dotCMS
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html)
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/137179/dotcms35332-inject.txt |
id | PACKETSTORM:137179 |
last seen | 2016-12-05 |
published | 2016-05-25 |
reporter | Elar Lang |
source | https://packetstormsecurity.com/files/137179/dotCMS-Email-Header-Injection.html |
title | dotCMS Email Header Injection |