CVE-2016-1899 - OpenCVE

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cgit Project	Cgit
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html
http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
http://www.debian.org/security/2016/dsa-3545
http://www.openwall.com/lists/oss-security/2016/01/14/3
http://www.openwall.com/lists/oss-security/2016/01/14/6

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-20T16:00:00

Updated: 2024-08-05T23:10:40.239Z

Reserved: 2016-01-14T00:00:00

Link: CVE-2016-1899

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-01-20T16:59:03.880

Modified: 2016-12-07T18:33:07.933

Link: CVE-2016-1899

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "[CGit] 20160113 XSS in cgit", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"name": "FEDORA-2016-e5a5fb196f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"name": "openSUSE-SU-2016:0196", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1899", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "refsource": "MLIST", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "[CGit] 20160113 XSS in cgit", "refsource": "MLIST", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"name": "FEDORA-2016-e5a5fb196f", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"name": "openSUSE-SU-2016:0196", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"name": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96", "refsource": "CONFIRM", "url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:10:40.239Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "[CGit] 20160113 XSS in cgit", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"name": "FEDORA-2016-e5a5fb196f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"name": "openSUSE-SU-2016:0196", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1899", "datePublished": "2016-01-20T16:00:00", "dateReserved": "2016-01-14T00:00:00", "dateUpdated": "2024-08-05T23:10:40.239Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF3ADACB-C9F2-4EFB-8B07-AADA98BE5FA8", "versionEndIncluding": "0.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en el manejador ui-blob en CGit en versiones anteriores a 0.12 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de separaci\u00f3n de respuesta HTTP o ataques XSS a trav\u00e9s de secuencias CRLF en el par\u00e1metro mimetype, seg\u00fan lo demostrado por una petici\u00f3n ablob/cgit.c."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "id": "CVE-2016-1899", "lastModified": "2016-12-07T18:33:07.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-20T16:59:03.880", "references": [{"source": "cve@mitre.org", "url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"source": "cve@mitre.org", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3545"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}