Search for vulnerabilities
Vulnerability details: VCID-q2d8-k48b-aaah
Vulnerability ID VCID-q2d8-k48b-aaah
Aliases CVE-2015-3200
Summary mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
System Score Found at
generic_textual Low http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3200.html
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00774 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00924 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00924 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00924 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.00924 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.3606 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.38081 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
epss 0.5202 https://api.first.org/data/v1/epss?cve=CVE-2015-3200
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3200
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-3200
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-3200
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Reference id Reference type URL
http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3200.html
http://redmine.lighttpd.net/issues/2646
https://api.first.org/data/v1/epss?cve=CVE-2015-3200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3200
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/74813
http://www.securitytracker.com/id/1032405
787132 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787132
cpe:2.3:a:hp:virtual_customer_access_system:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
CVE-2015-3200 https://nvd.nist.gov/vuln/detail/CVE-2015-3200
USN-USN-4775-1 https://usn.ubuntu.com/USN-4775-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3200
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3200
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81746
EPSS Score 0.00774
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.