CVE-2015-3200

7.5 HIGH

Published: June 09, 2015 Modified: May 06, 2026

Description

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html

Source: secalert@redhat.com

Exploit Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html

Source: secalert@redhat.com

http://redmine.lighttpd.net/issues/2646

Source: secalert@redhat.com

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/74813

Source: secalert@redhat.com

http://www.securitytracker.com/id/1032405

Source: secalert@redhat.com

VDB Entry

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

Source: secalert@redhat.com

Vendor Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10310

Source: secalert@redhat.com

http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html