// For flags

CVE-2009-0759

 

Severity Score

6.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

Múltiples vulnerabilidades de inyección de retorno de carro y salto de línea (CRLF) en ZNC antes de v0.066 permite a usuarios remotos autentificados modificar el fichero de configuración znc.conf y conseguir un aumento de privilegios a través de secuencias CRLF en el mensaje "quit" y otros vectores.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-03-03 CVE Reserved
  • 2009-03-03 CVE Published
  • 2023-04-21 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Znc
Search vendor "Znc"
 Znc
Search vendor "Znc" for product "Znc"
 <= 0.062
Search vendor "Znc" for product "Znc" and version " <= 0.062"
-
Affected
Znc
Search vendor "Znc"
 Znc
Search vendor "Znc" for product "Znc"
 0.056
Search vendor "Znc" for product "Znc" and version "0.056"
-
Affected
Znc
Search vendor "Znc"
 Znc
Search vendor "Znc" for product "Znc"
 0.058
Search vendor "Znc" for product "Znc" and version "0.058"
-
Affected