CVE-2012-6072
EPSS 0.10%Jenkins allows HTTP Injection and Response Splitting
Published: 5/14/2022Modified: 3/13/2025
Description
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.481, < 1.491
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6072
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-0220.html
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=890607
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- WEBhttp://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb