Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1687

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1687
Last Modified 05 Sep 2008 04:42:04
Published 16 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1687

Summary

CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.

Vulnerable Systems

Application

  • Snitz Communications Snitz Forums 2000 3.0

  • Snitz Communications Snitz Forums 2000 3.1

  • Snitz Communications Snitz Forums 2000 3.3

  • Snitz Communications Snitz Forums 2000 3.3.01

  • Snitz Communications Snitz Forums 2000 3.3.02

  • Snitz Communications Snitz Forums 2000 3.3.03

  • Snitz Communications Snitz Forums 2000 3.4.02

  • Snitz Communications Snitz Forums 2000 3.4.03

  • Snitz Communications Snitz Forums 2000 3.4.04


References

XF - snitz-response-splitting(17421)

BID - 11201

SECUNIA - 12590

BUGTRAQ - 20040916 ADVISORY: security hole (http response splitting) in snitz forums

CONFIRM - http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791


Last Updated: 27 May 2016 10:39:08