Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Lighttpd Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2015-3200 - Vulnerability Database
Lighttpd

Lighttpd Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2015-3200

High
Reference: CVE-2015-3200
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3200
Title: Lighttpd Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character as demonstrated by a string containing a NULL and new line character.