Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2004-1516
Last Modified 05 Sep 2008 04:41:37
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1516

Summary

CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.

Vulnerable Systems

Application

  • Phpwebsite 0.7.3
  • Phpwebsite 0.8.2
  • Phpwebsite 0.8.3
  • Phpwebsite 0.9.3
  • Phpwebsite 0.9.3.1
  • Phpwebsite 0.9.3.2
  • Phpwebsite 0.9.3.3
  • Phpwebsite 0.9.3.4


References

XF - phpwebsite-response-splitting(18046)

BID - 11673

GENTOO - GLSA-200411-35

SECUNIA - 13172

CONFIRM - http://phpwebsite.appstate.edu/index.php?module=announce&ANN_id=863&ANN_user_op=view

BUGTRAQ - 20041111 security hole (http response splitting) in phpwebsite


Last Updated: 27 May 2016 10:39:04