Back to search
CVE-2006-6965
Published: Jan 29, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
31620
vdb-entry
x_refsource_OSVDB
http://sla.ckers.org/forum/read.php?3%2C880%2C1361#msg-1361
x_refsource_MISC
24853
third-party-advisory
x_refsource_SECUNIA
23926
third-party-advisory
x_refsource_SECUNIA
22236
vdb-entry
x_refsource_BID
dokuwiki-fetch-response-splitting(31930)
vdb-entry
x_refsource_XF
ADV-2007-0357
vdb-entry
x_refsource_VUPEN
GLSA-200704-08
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now