Vulnerabilities > CVE-2016-4803 - Unspecified vulnerability in Dotcms

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

dotcms

NVD

Published: 2016-06-30

Updated: 2016-11-28

Summary

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Vulnerable Configurations

Part	Description	Count
Application	Dotcms Dotcms Dotcms 1.9 Dotcms Dotcms 1.9.2.1 Dotcms Dotcms 1.9.5.1 Dotcms Dotcms 2.0 Dotcms Dotcms 2.0.1 Dotcms Dotcms 2.1 Dotcms Dotcms 2.1.1 Dotcms Dotcms 2.2 Dotcms Dotcms 2.2.1 Dotcms Dotcms 2.3 Dotcms Dotcms 2.3.1 Dotcms Dotcms 2.3.2 Dotcms Dotcms 2.5 Dotcms Dotcms 2.5.1 Dotcms Dotcms 2.5.2 Dotcms Dotcms 2.5.3 Dotcms Dotcms 2.5.4 Dotcms Dotcms 3.0 Dotcms Dotcms 3.0.1 Dotcms Dotcms 3.1 Dotcms Dotcms 3.2 Dotcms Dotcms 3.2.1 Dotcms Dotcms 3.2.2 Dotcms Dotcms 3.2.3 Dotcms Dotcms 3.2.4 Dotcms Dotcms 3.3 Dotcms Dotcms 3.3.1	27

Packetstorm

data source	https://packetstormsecurity.com/files/download/137179/dotcms35332-inject.txt
id	PACKETSTORM:137179
last seen	2016-12-05
published	2016-05-25
reporter	Elar Lang
source	https://packetstormsecurity.com/files/137179/dotCMS-Email-Header-Injection.html
title	dotCMS Email Header Injection

Summary

Vulnerable Configurations

Packetstorm

References