Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-3105
Last Modified 05 Sep 2008 05:06:15
Published 20 Jun 2006 09:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3105

Summary

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

Vulnerable Systems

Application

  • Bitweaver 1.3


References

XF - bitweaver-crlf-header-injection(27348)

BUGTRAQ - 20060617 bitweaver <= v1.3 multiple vulnerabilities

MISC - http://retrogod.altervista.org/bitweaver_13_xpl.html

OSVDB - 26590

CONFIRM - http://www.bitweaver.org/articles/45

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358

SREASON - 1115


Last Updated: 27 May 2016 10:42:53