CVE-2008-5730 - Improper Input Validation

Severity: None2023-10-23

Security Advisories

Abstract

Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.

The Oxygen products incorporate AIST NetCat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Author v25.1 and olderNone N/A
Oxygen XML Developer v25.1 and olderNone N/A
Oxygen XML Editor v25.1 and olderNone N/A

Mitigation

None

Detail

CVE-2008-5730

Severity: High

CVSS Score: 7.5

The AIST NetCat third-party library used by Oxygen XML products is an affected version mentioned in CVE-2008-5730 vulnerability description. However, Oxygen XML Author, Oxygen XML Developer and Oxygen XML Editor are desktop applications, not server applications. Therefor, we are not affected by this vulnerability.

List of Security Advisories