Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BusyBox Security Vulnerability
Vulnerability Description
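BusyBox is a suite of applications containing multiple Linux commands and tools, developed by Denis Vlasenko, an individual developer from Ukraine. BusyBox 1.3.7 and earlier versions contain a security vulnerability that stems from accepting raw CR, LF and other C0 control bytes in the HTTP request-target, which may lead to request-line splitting and injection of attacker-controlled headers.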
CVSS Information
N/A
Vulnerability Type
N/A
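The request-target check described above, written out as an added example in C; this is not BusyBox's own code or its patch. The function names target_is_safe and build_request_line are hypothetical, the sample targets are constructed, and rejecting an empty target is an added assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 only if the request-target holds no
 * C0 control byte (0x00-0x1F) and no raw space (0x20). It takes a
 * length so an embedded NUL is caught too. Rejecting an empty target
 * is an assumption added here, since it would also break the
 * METHOD SP request-target SP HTTP/1.1 shape. */
int target_is_safe(const char *target, size_t len)
{
    size_t i;

    if (len == 0)
        return 0;
    for (i = 0; i < len; i++) {
        if ((unsigned char)target[i] <= 0x20)
            return 0;
    }
    return 1;
}

/* Hypothetical helper: writes "GET <target> HTTP/1.1\r\n" into out.
 * Returns the number of bytes written, or -1 if the target is rejected
 * or does not fit. Validation runs before any formatting. */
int build_request_line(char *out, size_t outsz, const char *target, size_t len)
{
    int n;

    if (!target_is_safe(target, len) || len >= outsz)
        return -1;
    n = snprintf(out, outsz, "GET %.*s HTTP/1.1\r\n", (int)len, target);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    /* Constructed sample request-targets. */
    static const char *samples[] = {
        "/index.html?q=a%20b",                  /* encoded space: accepted */
        "/a b",                                 /* raw space: rejected */
        "/x HTTP/1.1\r\nX-Injected: 1\r\n\r\n", /* CR/LF: rejected */
    };
    char line[256];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = build_request_line(line, sizeof(line), samples[i], strlen(samples[i]));
        printf("sample %zu: %s\n", i, n < 0 ? "rejected" : "accepted");
    }
    return 0;
}
```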