QwikSec

Security Database

CVE

CWE

Training

CVE-2004-1620

Published: Feb 20, 2005

Modified: Aug 8, 2024

PUBLISHED

Description

CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20041021 HTTP Response Splitting in Serendipity 0.7-beta4

mailing-list

x_refsource_BUGTRAQ

http://www.s9y.org/5.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup

x_refsource_CONFIRM

http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup

x_refsource_CONFIRM

serendipity-response-splitting(17798)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

http://sourceforge.net/project/shownotes.php?release_id=276694

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.