What is the severity of CVE-2012-6072?

CVE-2012-6072 is classified as a medium severity vulnerability that allows remote attackers to inject arbitrary HTTP headers.

How do I fix CVE-2012-6072?

To fix CVE-2012-6072, update Jenkins to version 1.491 or higher, or apply the specific patches provided for affected versions.

What type of attacks can CVE-2012-6072 facilitate?

CVE-2012-6072 can facilitate HTTP response splitting attacks due to CRLF injection.

Which versions of Jenkins are affected by CVE-2012-6072?

CVE-2012-6072 affects Jenkins versions prior to 1.491, along with specific earlier versions of Jenkins LTS and enterprise builds.

Can CVE-2012-6072 impact security in web applications?

Yes, CVE-2012-6072 can severely impact web application security by allowing attackers to manipulate HTTP responses.

Vulnerability/
CVE-2012-6072

medium

4.3

CWE

20 93

28/12/2012

24/2/2013

6/8/2024

CVE-2012-6072: Input Validation

First published: Fri Dec 28 2012(Updated: )

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Cloudbees Jenkins	=1.447.1.1
Cloudbees Jenkins	=1.447.2.2
Cloudbees Jenkins	=1.447.3.1
Cloudbees Jenkins	=1.400
Cloudbees Jenkins	=1.424
Cloudbees Jenkins	=1.447
Jenkins Jenkins	<=1.466.2
Jenkins Jenkins	=1.409.1
Jenkins Jenkins	=1.409.2
Jenkins Jenkins	=1.409.3
Jenkins Jenkins	=1.424.1
Jenkins Jenkins	=1.424.2
Jenkins Jenkins	=1.424.3
Jenkins Jenkins	=1.424.4
Jenkins Jenkins	=1.424.5
Jenkins Jenkins	=1.424.6
Jenkins Jenkins	=1.447.1
Jenkins Jenkins	=1.447.2
Jenkins Jenkins	=1.466.1
Cloudbees Jenkins	=1.466.1.2
Cloudbees Jenkins	=1.466.2.1
Cloudbees Jenkins	<=1.480.3.1
Jenkins Jenkins	=1.400
Jenkins Jenkins	=1.401
Jenkins Jenkins	=1.402
Jenkins Jenkins	=1.403
Jenkins Jenkins	=1.404
Jenkins Jenkins	=1.405
Jenkins Jenkins	=1.406
Jenkins Jenkins	=1.407
Jenkins Jenkins	=1.408
Jenkins Jenkins	=1.409
Jenkins Jenkins	=1.410
Jenkins Jenkins	=1.411
Jenkins Jenkins	=1.412
Jenkins Jenkins	=1.413
Jenkins Jenkins	=1.414
Jenkins Jenkins	=1.415
Jenkins Jenkins	=1.416
Jenkins Jenkins	=1.417
Jenkins Jenkins	=1.418
Jenkins Jenkins	=1.419
Jenkins Jenkins	=1.420
Jenkins Jenkins	=1.421
Jenkins Jenkins	=1.422
Jenkins Jenkins	=1.423
Jenkins Jenkins	=1.424
Jenkins Jenkins	=1.425
Jenkins Jenkins	=1.426
Jenkins Jenkins	=1.427
Jenkins Jenkins	=1.428
Jenkins Jenkins	=1.429
Jenkins Jenkins	=1.430
Jenkins Jenkins	=1.431
Jenkins Jenkins	=1.432
Jenkins Jenkins	=1.433
Jenkins Jenkins	=1.434
Jenkins Jenkins	=1.435
Jenkins Jenkins	=1.436
Jenkins Jenkins	=1.437
Cloudbees Jenkins	=1.424.0.2
Cloudbees Jenkins	=1.424.0.4
Cloudbees Jenkins	=1.424.1.1
Cloudbees Jenkins	=1.424.2.1
Cloudbees Jenkins	=1.424.4.1
Cloudbees Jenkins	=1.424.5.1
Cloudbees Jenkins	=1.424.6.1
Cloudbees Jenkins	=1.424.6.11

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6072?
CVE-2012-6072 is classified as a medium severity vulnerability that allows remote attackers to inject arbitrary HTTP headers.
How do I fix CVE-2012-6072?
To fix CVE-2012-6072, update Jenkins to version 1.491 or higher, or apply the specific patches provided for affected versions.
What type of attacks can CVE-2012-6072 facilitate?
CVE-2012-6072 can facilitate HTTP response splitting attacks due to CRLF injection.
Which versions of Jenkins are affected by CVE-2012-6072?
CVE-2012-6072 affects Jenkins versions prior to 1.491, along with specific earlier versions of Jenkins LTS and enterprise builds.
Can CVE-2012-6072 impact security in web applications?
Yes, CVE-2012-6072 can severely impact web application security by allowing attackers to manipulate HTTP responses.

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-6072
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/event
agent/description
agent/trending
agent/tags
agent/source
vendor/cloudbees
canonical/cloudbees jenkins
version/cloudbees jenkins/1.447.1.1
version/cloudbees jenkins/1.447.2.2
version/cloudbees jenkins/1.447.3.1
version/cloudbees jenkins/1.400
version/cloudbees jenkins/1.424
version/cloudbees jenkins/1.447
vendor/jenkins
canonical/jenkins jenkins
version/jenkins jenkins/1.466.2
version/jenkins jenkins/1.409.1
version/jenkins jenkins/1.409.2
version/jenkins jenkins/1.409.3
version/jenkins jenkins/1.424.1
version/jenkins jenkins/1.424.2
version/jenkins jenkins/1.424.3
version/jenkins jenkins/1.424.4
version/jenkins jenkins/1.424.5
version/jenkins jenkins/1.424.6
version/jenkins jenkins/1.447.1
version/jenkins jenkins/1.447.2
version/jenkins jenkins/1.466.1
version/cloudbees jenkins/1.466.1.2
version/cloudbees jenkins/1.466.2.1
version/cloudbees jenkins/1.480.3.1
version/jenkins jenkins/1.400
version/jenkins jenkins/1.401
version/jenkins jenkins/1.402
version/jenkins jenkins/1.403
version/jenkins jenkins/1.404
version/jenkins jenkins/1.405
version/jenkins jenkins/1.406
version/jenkins jenkins/1.407
version/jenkins jenkins/1.408
version/jenkins jenkins/1.409
version/jenkins jenkins/1.410
version/jenkins jenkins/1.411
version/jenkins jenkins/1.412
version/jenkins jenkins/1.413
version/jenkins jenkins/1.414
version/jenkins jenkins/1.415
version/jenkins jenkins/1.416
version/jenkins jenkins/1.417
version/jenkins jenkins/1.418
version/jenkins jenkins/1.419
version/jenkins jenkins/1.420
version/jenkins jenkins/1.421
version/jenkins jenkins/1.422
version/jenkins jenkins/1.423
version/jenkins jenkins/1.424
version/jenkins jenkins/1.425
version/jenkins jenkins/1.426
version/jenkins jenkins/1.427
version/jenkins jenkins/1.428
version/jenkins jenkins/1.429
version/jenkins jenkins/1.430
version/jenkins jenkins/1.431
version/jenkins jenkins/1.432
version/jenkins jenkins/1.433
version/jenkins jenkins/1.434
version/jenkins jenkins/1.435
version/jenkins jenkins/1.436
version/jenkins jenkins/1.437
version/cloudbees jenkins/1.424.0.2
version/cloudbees jenkins/1.424.0.4
version/cloudbees jenkins/1.424.1.1
version/cloudbees jenkins/1.424.2.1
version/cloudbees jenkins/1.424.4.1
version/cloudbees jenkins/1.424.5.1
version/cloudbees jenkins/1.424.6.1
version/cloudbees jenkins/1.424.6.11

CVE-2012-6072: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6072?

How do I fix CVE-2012-6072?

What type of attacks can CVE-2012-6072 facilitate?

Which versions of Jenkins are affected by CVE-2012-6072?

Can CVE-2012-6072 impact security in web applications?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-6072?

How do I fix CVE-2012-6072?

What type of attacks can CVE-2012-6072 facilitate?

Which versions of Jenkins are affected by CVE-2012-6072?

Can CVE-2012-6072 impact security in web applications?