[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2383Date: (C)2009-01-02   (M)2023-12-22


CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka ) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021522
SUNALERT-254208
BID-33060
SECUNIA-33318
SECUNIA-33388
SECUNIA-33397
SECUNIA-33418
SECUNIA-33419
SECUNIA-33568
SECUNIA-33820
SECUNIA-35074
ADV-2009-1297
APPLE-SA-2009-05-12
DSA-1694
FEDORA-2009-0059
FEDORA-2009-0154
FEDORA-2023-3746647cc3
FEDORA-2023-a004ecb3f8
RHSA-2009:0018
RHSA-2009:0019
SUSE-SR:2009:002
SUSE-SR:2009:003
TA09-133A
USN-703-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
http://support.apple.com/kb/HT3549
oval:org.mitre.oval:def:9317
xterm-decrqss-code-execution(47655)

CWE    1
CWE-94
OVAL    22
oval:org.secpod.oval:def:600433
oval:org.secpod.oval:def:202100
oval:org.secpod.oval:def:200581
oval:org.secpod.oval:def:102525
...

© SecPod Technologies