CVE-2012-6072

Name: CVE-2012-6072
Creator: NVD / NIST
Published: 2013-02-24T22:55:01.097+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.82%

Last modified Jun 16, 2026

CVE-2012-6072 is a vulnerability of currently unknown severity. CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.. EPSS estimates a 1.82% chance of exploitation in the next 30 days.

Description

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Metrics

EPSS Probability

1.82%

75.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Cloudbees	Jenkins	1.447.1.1
Cloudbees	Jenkins	1.447.2.2
Cloudbees	Jenkins	1.447.3.1
Cloudbees	Jenkins	1.400
Cloudbees	Jenkins	1.424
Cloudbees	Jenkins	1.447
Jenkins	Jenkins	<= 1.466.2
Jenkins	Jenkins	1.409.1
Jenkins	Jenkins	1.409.2
Jenkins	Jenkins	1.409.3
Jenkins	Jenkins	1.424.1
Jenkins	Jenkins	1.424.2
Jenkins	Jenkins	1.424.3
Jenkins	Jenkins	1.424.4
Jenkins	Jenkins	1.424.5
Jenkins	Jenkins	1.424.6
Jenkins	Jenkins	1.447.1
Jenkins	Jenkins	1.447.2
Jenkins	Jenkins	1.466.1
Cloudbees	Jenkins	1.466.1.2
Cloudbees	Jenkins	1.466.2.1
Cloudbees	Jenkins	<= 1.480.3.1
Jenkins	Jenkins	1.400
Jenkins	Jenkins	1.401
Jenkins	Jenkins	1.402
Jenkins	Jenkins	1.403
Jenkins	Jenkins	1.404
Jenkins	Jenkins	1.405
Jenkins	Jenkins	1.406
Jenkins	Jenkins	1.407
Jenkins	Jenkins	1.408
Jenkins	Jenkins	1.409
Jenkins	Jenkins	1.410
Jenkins	Jenkins	1.411
Jenkins	Jenkins	1.412
Jenkins	Jenkins	1.413
Jenkins	Jenkins	1.414
Jenkins	Jenkins	1.415
Jenkins	Jenkins	1.416
Jenkins	Jenkins	1.417
Jenkins	Jenkins	1.418
Jenkins	Jenkins	1.419
Jenkins	Jenkins	1.420
Jenkins	Jenkins	1.421
Jenkins	Jenkins	1.422
Jenkins	Jenkins	1.423
Jenkins	Jenkins	1.424
Jenkins	Jenkins	1.425
Jenkins	Jenkins	1.426
Jenkins	Jenkins	1.427

Showing 50 of 68 affected configurations. See NVD for the full list.

References

Timeline

Published: Feb 24, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-6072?

How severe is CVE-2012-6072?

Severity scoring for CVE-2012-6072 is pending analysis. The EPSS model estimates a 1.82% probability of exploitation in the next 30 days.

How do I fix CVE-2012-6072?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-6072?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST