cvelistv5 - cve-2018-16181

cve-2018-16181

Vulnerability from cvelistv5

Published

2019-01-09 22:00

Modified

2024-08-05 10:17

Severity ?

Summary

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://download.daj.co.jp/user/ifilter/V9/	Permissions Required, Vendor Advisory
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN32155106/index.html	Third Party Advisory

Impacted products

▼	Vendor	Product
	Digital Arts Inc.	i-FILTER

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#32155106",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN32155106/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.daj.co.jp/user/ifilter/V9/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "i-FILTER",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.9.50R05 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP header injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#32155106",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN32155106/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.daj.co.jp/user/ifilter/V9/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16181",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "i-FILTER",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.9.50R05 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Digital Arts Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP header injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#32155106",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN32155106/index.html"
            },
            {
              "name": "https://download.daj.co.jp/user/ifilter/V9/",
              "refsource": "MISC",
              "url": "https://download.daj.co.jp/user/ifilter/V9/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16181",
    "datePublished": "2019-01-09T22:00:00",
    "dateReserved": "2018-08-30T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-16181\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-01-09T23:29:03.873\",\"lastModified\":\"2019-02-01T18:25:38.673\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n de cabeceras HTTP en i-FILTER, en versiones 9.50R05 y anteriores, podr\u00eda permitir que atacantes remotos inyecten cabeceras HTTP arbitrarias y lleven a cabo ataques de separaci\u00f3n de respuesta HTTP que podr\u00edan resultar en la inyecci\u00f3n de scripts arbitrarios o en la configuraci\u00f3n de valores de cookie arbitrarios mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-113\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.50r05\",\"matchCriteriaId\":\"35CCC75C-3427-4B4A-9C3F-824930DBFDD5\"}]}]}],\"references\":[{\"url\":\"https://download.daj.co.jp/user/ifilter/V9/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN32155106/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

ghsa-x4fr-465j-hpj9

Vulnerability from github

Published

2022-05-14 01:37

Modified

2022-05-14 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-113"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.",
  "id": "GHSA-x4fr-465j-hpj9",
  "modified": "2022-05-14T01:37:22Z",
  "published": "2022-05-14T01:37:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16181"
    },
    {
      "type": "WEB",
      "url": "https://download.daj.co.jp/user/ifilter/V9"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN32155106/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2018-16181

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-16181

Aliases

CVE-2018-16181

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16181",
    "description": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.",
    "id": "GSD-2018-16181"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16181"
      ],
      "details": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.",
      "id": "GSD-2018-16181",
      "modified": "2023-12-13T01:22:25.913711Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16181",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "i-FILTER",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Ver.9.50R05 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Digital Arts Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "HTTP header injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#32155106",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN32155106/index.html"
          },
          {
            "name": "https://download.daj.co.jp/user/ifilter/V9/",
            "refsource": "MISC",
            "url": "https://download.daj.co.jp/user/ifilter/V9/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.50r05",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16181"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-113"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#32155106",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN32155106/index.html"
            },
            {
              "name": "https://download.daj.co.jp/user/ifilter/V9/",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://download.daj.co.jp/user/ifilter/V9/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-02-01T18:25Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

cve-2018-16181

Vulnerability from jvndb

Published

2018-12-07 14:30

Modified

2019-08-27 11:45

Severity ?

6.1 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Multiple vulnerabilities in i-FILTER

Details

i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. * Cross-site scripting (CWE-79) - CVE-2018-16180 * HTTP header injection (CWE-113) - CVE-2018-16181 Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN32155106/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16180
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16181
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16180
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16181
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Digital Arts Inc.	i-FILTER

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000129.html",
  "dc:date": "2019-08-27T11:45+09:00",
  "dcterms:issued": "2018-12-07T14:30+09:00",
  "dcterms:modified": "2019-08-27T11:45+09:00",
  "description": "i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below.\r\n* Cross-site scripting (CWE-79) - CVE-2018-16180\r\n* HTTP header injection (CWE-113) - CVE-2018-16181\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000129.html",
  "sec:cpe": {
    "#text": "cpe:/a:daj:i-filter",
    "@product": "i-FILTER",
    "@vendor": "Digital Arts Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000129",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN32155106/index.html",
      "@id": "JVN#32155106",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16180",
      "@id": "CVE-2018-16180",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16181",
      "@id": "CVE-2018-16181",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16180",
      "@id": "CVE-2018-16180",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16181",
      "@id": "CVE-2018-16181",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in i-FILTER"
}

Action not permitted

cve-2018-16181

Vulnerability from cvelistv5

ghsa-x4fr-465j-hpj9

Vulnerability from github

gsd-2018-16181

Vulnerability from gsd

cve-2018-16181

Vulnerability from jvndb

Tags