CVE-2008-5730 - Improper Input Validation
Severity: None2023-10-23
Abstract
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.
The Oxygen products incorporate AIST NetCat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Author v25.1 and older | None | N/A |
Oxygen XML Developer v25.1 and older | None | N/A |
Oxygen XML Editor v25.1 and older | None | N/A |
Detail
CVE-2008-5730
Severity: High
CVSS Score: 7.5
The AIST NetCat third-party library used by Oxygen XML products is an affected version mentioned in CVE-2008-5730 vulnerability description. However, Oxygen XML Author, Oxygen XML Developer and Oxygen XML Editor are desktop applications, not server applications. Therefor, we are not affected by this vulnerability.