CVE-2020-3246

CVSS v3 Score: 4.7 (Medium)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.

CVSS: 4.7 (Medium)

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker...

CWE-93 2020
CVSS: 4.9 (Medium)

CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users...

CWE-93 2014
CVSS: 4.3 (Medium)

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.

CWE-93 2019
CVSS: 4.3 (Medium)

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (ca...

CWE-93 2023
CVSS: 5.3 (Medium)

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

CWE-93 2017
CVSS: 5.3 (Medium)

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfilter...

CWE-93 2018