Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2004-2146
Last Modified: 05 Sep 2008 04:43:19
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-2146

Summary

CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.

Vulnerable Systems

Application

  • PD9 Software MegaBBS 2

  • PD9 Software MegaBBS 2.1


References

XF - megabbs-response-splitting(17495)

BUGTRAQ - 20040926 Re: HTTP Response Splitting and SQL injection in megabbs forum

FULLDISC - 20040926 HTTP Response Splitting and SQL injection in megabbs forum

CONFIRM - http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924


Last Updated: 27 May 2016 10:39:22