製品・ソフトウェアに関する情報

JVN脆弱性詳細

Pebble における HTTP ヘッダインジェクションの脆弱性

Title	Pebble における HTTP ヘッダインジェクションの脆弱性
Summary	Pebble には、HTTP ヘッダインジェクションの脆弱性が存在します。 Pebble は、オープンソースのウェブログシステムです。Pebble には、HTTP ヘッダインジェクションの脆弱性が存在します。この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。報告者: 岸谷隆久氏
Possible impacts	ユーザのウェブブラウザ上で偽の情報が表示されたり、任意のスクリプトが実行されたり、Cookie に任意の値が設定されたりするなどの可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。
Publication Date	Nov. 2, 2012, midnight
Registration Date	Nov. 2, 2012, 12:02 p.m.
Last Update	Nov. 2, 2012, 12:02 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

Pebble

Pebble 2.6.4 より前のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-4023	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4023
National Vulnerability Database (NVD)
2	CVE-2012-4023	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4023

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Pebble
1	Pebble - Overview	http://pebble.sourceforge.net/

その他

No	Name	URL
JVN
1	JVN#39563771	http://jvn.jp/jp/JVN39563771/index.html

Change Log

No	Changed Details	Date of change
0	[2012年11月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-4023

Summary	CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Publication Date	Nov. 8, 2012, 8:46 p.m.
Registration Date	Jan. 28, 2021, 3:02 p.m.
Last Update	Nov. 21, 2024, 10:42 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:simon_brown:pebble:2.0.0:m3::::::
cpe:2.3:a:simon_brown:pebble:1.4:beta1::::::
cpe:2.3:a:simon_brown:pebble:1.5:::::::*
cpe:2.3:a:simon_brown:pebble:1.6:beta3::::::
cpe:2.3:a:simon_brown:pebble:1.4:beta2::::::
cpe:2.3:a:simon_brown:pebble:2.3.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:m1::::::
cpe:2.3:a:simon_brown:pebble:2.5:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:m2::::::
cpe:2.3:a:simon_brown:pebble:1.7:::::::*
cpe:2.3:a:simon_brown:pebble:2.5:rc1::::::
cpe:2.3:a:simon_brown:pebble:1.5.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.0:::::::*
cpe:2.3:a:simon_brown:pebble:2.6:::::::*
cpe:2.3:a:simon_brown:pebble:2.6.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.6.2:::::::*
cpe:2.3:a:simon_brown:pebble:1.0:::::::*
cpe:2.3:a:simon_brown:pebble:1.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.4:rc2::::::
cpe:2.3:a:simon_brown:pebble:2.0.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.5.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:rc2::::::
cpe:2.3:a:simon_brown:pebble:1.4:beta3::::::
cpe:2.3:a:simon_brown:pebble:1.8:::::::*
cpe:2.3:a:simon_brown:pebble:2.3:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:rc1::::::
cpe:2.3:a:simon_brown:pebble:1.4.1:::::::*
cpe:2.3:a:simon_brown:pebble:1.7.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.5:m2::::::
cpe:2.3:a:simon_brown:pebble:1.9:::::::*
cpe:2.3:a:simon_brown:pebble:1.7:beta1::::::
cpe:2.3:a:simon_brown:pebble:2.5.3:::::::*
cpe:2.3:a:simon_brown:pebble:1.5:beta2::::::
cpe:2.3:a:simon_brown:pebble:1.4:::::::*
cpe:2.3:a:simon_brown:pebble:1.3:::::::*
cpe:2.3:a:simon_brown:pebble:2.6:m1::::::
cpe:2.3:a:simon_brown:pebble:2.1:::::::*
cpe:2.3:a:simon_brown:pebble:1.7.2:::::::*
cpe:2.3:a:simon_brown:pebble:1.5:beta1::::::
cpe:2.3:a:simon_brown:pebble:2.4:::::::*
cpe:2.3:a:simon_brown:pebble:2.2:::::::*
cpe:2.3:a:simon_brown:pebble:1.4.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.1:rc1::::::
cpe:2.3:a:simon_brown:pebble::::::::		2.6.3
cpe:2.3:a:simon_brown:pebble:2.5:m1::::::
cpe:2.3:a:simon_brown:pebble:1.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.5.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.3.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://jvn.jp/en/jp/JVN39563771/index.html
2	http://jvn.jp/en/jp/JVN39563771/index.html
3	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000099
4	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000099
5	http://secunia.com/advisories/51102
6	http://secunia.com/advisories/51102

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:simon_brown:pebble:2.0.0:m3::::::
cpe:2.3:a:simon_brown:pebble:1.4:beta1::::::
cpe:2.3:a:simon_brown:pebble:1.5:::::::*
cpe:2.3:a:simon_brown:pebble:1.6:beta3::::::
cpe:2.3:a:simon_brown:pebble:1.4:beta2::::::
cpe:2.3:a:simon_brown:pebble:2.3.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:m1::::::
cpe:2.3:a:simon_brown:pebble:2.5:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:m2::::::
cpe:2.3:a:simon_brown:pebble:1.7:::::::*
cpe:2.3:a:simon_brown:pebble:2.5:rc1::::::
cpe:2.3:a:simon_brown:pebble:1.5.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.0:::::::*
cpe:2.3:a:simon_brown:pebble:2.6:::::::*
cpe:2.3:a:simon_brown:pebble:2.6.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.6.2:::::::*
cpe:2.3:a:simon_brown:pebble:1.0:::::::*
cpe:2.3:a:simon_brown:pebble:1.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.4:rc2::::::
cpe:2.3:a:simon_brown:pebble:2.0.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.5.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:rc2::::::
cpe:2.3:a:simon_brown:pebble:1.4:beta3::::::
cpe:2.3:a:simon_brown:pebble:1.8:::::::*
cpe:2.3:a:simon_brown:pebble:2.3:::::::*
cpe:2.3:a:simon_brown:pebble:2.0.0:rc1::::::
cpe:2.3:a:simon_brown:pebble:1.4.1:::::::*
cpe:2.3:a:simon_brown:pebble:1.7.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.5:m2::::::
cpe:2.3:a:simon_brown:pebble:1.9:::::::*
cpe:2.3:a:simon_brown:pebble:1.7:beta1::::::
cpe:2.3:a:simon_brown:pebble:2.5.3:::::::*
cpe:2.3:a:simon_brown:pebble:1.5:beta2::::::
cpe:2.3:a:simon_brown:pebble:1.4:::::::*
cpe:2.3:a:simon_brown:pebble:1.3:::::::*
cpe:2.3:a:simon_brown:pebble:2.6:m1::::::
cpe:2.3:a:simon_brown:pebble:2.1:::::::*
cpe:2.3:a:simon_brown:pebble:1.7.2:::::::*
cpe:2.3:a:simon_brown:pebble:1.5:beta1::::::
cpe:2.3:a:simon_brown:pebble:2.4:::::::*
cpe:2.3:a:simon_brown:pebble:2.2:::::::*
cpe:2.3:a:simon_brown:pebble:1.4.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.1:rc1::::::
cpe:2.3:a:simon_brown:pebble::::::::		2.6.3
cpe:2.3:a:simon_brown:pebble:2.5:m1::::::
cpe:2.3:a:simon_brown:pebble:1.1:::::::*
cpe:2.3:a:simon_brown:pebble:2.5.2:::::::*
cpe:2.3:a:simon_brown:pebble:2.3.1:::::::*