{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38330", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-18T14:47:48.377Z", "dateReserved": "2023-07-14T00:00:00", "datePublished": "2023-08-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-02T00:00:00"}, "descriptions": [{"lang": "en", "value": "OXID eShop Enterprise Edition 6.5.0 \u2013 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.oxid-esales.com/view.php?id=7479"}, {"url": "https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:12.315Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.oxid-esales.com/view.php?id=7479", "tags": ["x_transferred"]}, {"url": "https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T14:47:18.412635Z", "id": "CVE-2023-38330", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:47:48.377Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.oxid-esales.com/view.php?id=7479", "tags": ["x_transferred"]}, {"url": "https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:12.315Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38330", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-18T14:47:18.412635Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:47:43.540Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bugs.oxid-esales.com/view.php?id=7479"}, {"url": "https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002"}], "descriptions": [{"lang": "en", "value": "OXID eShop Enterprise Edition 6.5.0 \u2013 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-02T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-38330", "state": "PUBLISHED", "dateUpdated": "2024-10-18T14:47:48.377Z", "dateReserved": "2023-07-14T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-02T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6ACFB3E2-42D6-40B1-BA15-00322A7BE2BC", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OXID eShop Enterprise Edition 6.5.0 \u2013 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack."}, {"lang": "es", "value": "OXID eShop Enterprise Edition 6.5.0 - 6.5.2 antes de 6.5.3 permite subir archivos con cabeceras modificadas en el \u00e1rea de administraci\u00f3n. Un atacante puede subir un archivo con una cabecera modificada para crear un ataque de separaci\u00f3n de respuesta HTTP. "}], "id": "CVE-2023-38330", "lastModified": "2024-11-21T08:13:20.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-02T15:15:10.813", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.oxid-esales.com/view.php?id=7479"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugs.oxid-esales.com/view.php?id=7479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.oxid-esales.com/de/security/security-bulletins.html#security-bulletin-2023-002"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}