{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T22:37:51.704","vulnerabilities":[{"cve":{"id":"CVE-2012-5057","sourceIdentifier":"cve@mitre.org","published":"2014-06-04T14:55:03.513","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter."},{"lang":"es","value":"Vulnerabilidad de inyección CRLF en ownCloud Server anterior a 4.0.8 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuestas HTTP a través del parámetro url path."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.7","matchCriteriaId":"1396EB21-CE64-4EA7-8212-E3F86D7E3C8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D77D4260-0D48-47EE-A09B-FC200CB36A38"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"78FEEBC0-9483-4EBE-B6E4-5390144A36F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7DED1F21-0941-4E3C-BA04-15D1C3B685C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3A7951FE-9C41-4CCF-933F-56204147148B"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"8F36384F-ECB2-48F5-AB32-85AB643CD816"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"7DA03000-6D01-4CDA-8C83-C2AFC649B869"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"8206EE35-2939-44B4-BBCF-C384C6206122"}]}]}],"references":[{"url":"http://owncloud.org/about/security/advisories/CVE-2012-5057/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://owncloud.org/about/security/advisories/CVE-2012-5057/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}],"evaluatorComment":"Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')\""}}]}