Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3348

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3348
Last Modified 02 Apr 2010 01:58:00
Published 17 Nov 2005 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3348

Summary

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

Vulnerable Systems

Application

  • Phpsysinfo 2.0

  • Phpsysinfo 2.1

  • Phpsysinfo 2.3

  • Phpsysinfo 2.4


References

DEBIAN - DSA-898

XF - phpsysinfo-registerglobal-data-manipulation(23107)

BID - 15414

BID - 15396

BUGTRAQ - 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo

MISC - http://www.hardened-php.net/advisory_212005.81.html

GENTOO - GLSA-200511-18

DEBIAN - DSA-899

DEBIAN - DSA-897

SECUNIA - 17698

SECUNIA - 17643

SECUNIA - 17620

SECUNIA - 17616

SECUNIA - 17584

SECUNIA - 17570

SECUNIA - 17441

MANDRIVA - MDKSA-2005:212


Last Updated: 27 May 2016 10:40:54