Codeigniter
CVE-2017-1000247
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
AnalysisAI
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. Affected products include: Codeigniter.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Codeigniter
View allCodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
B.C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low att
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today