CVE-2016-4803 - Unspecified vulnerability in Dotcms
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/137179/dotcms35332-inject.txt |
id | PACKETSTORM:137179 |
last seen | 2016-12-05 |
published | 2016-05-25 |
reporter | Elar Lang |
source | https://packetstormsecurity.com/files/137179/dotCMS-Email-Header-Injection.html |
title | dotCMS Email Header Injection |
References
- http://seclists.org/fulldisclosure/2016/May/69
- http://www.securityfocus.com/bid/91529
- https://dotcms.com/docs/latest/change-log#release-3.3.2
- https://security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html