CVE-2016-4803

CVE-2016-4803

EPSS 2.2%

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://dotcms.com/docs/latest/change-log#release-3.3.2 http://seclists.org/fulldisclosure/2016/May/69 https://security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html http://www.securityfocus.com/bid/91529