CVE-2016-1900
low
CVSS v3
3.7
CVSS v2
4.3
VIR risk
3.7
Description
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
Predictions
Exploit likelihood
47%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-1900
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2016/01/14/3
Vendor advisory: cve@mitre.org — http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0.11.2.git2.3.2-1.1 |
| debian | bullseye | fixed | 0.11.2.git2.3.2-1.1 |
| debian | forky | fixed | 0.11.2.git2.3.2-1.1 |
| debian | sid | fixed | 0.11.2.git2.3.2-1.1 |
| debian | trixie | fixed | 0.11.2.git2.3.2-1.1 |
| fedora | 22 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cgit_project | cgit | {"endIncluding":"0.11.2"} | |
References
- http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
- http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html
- http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
- http://www.debian.org/security/2016/dsa-3545
- http://www.openwall.com/lists/oss-security/2016/01/14/3
- http://www.openwall.com/lists/oss-security/2016/01/14/6
- https://security-tracker.debian.org/tracker/CVE-2016-1900
Verify integrity in audit chain (admin only). AS-IS.