CVE-2004-1620 Information
Description
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php or (3) the HTTP Referer field in comment.php.
Reference
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup
http://marc.info/?l=bugtraq&m=109841283115808&w=2
http://secunia.com/advisories/12909/
http://securitytracker.com/id?1011864
http://sourceforge.net/project/shownotes.php?release_id=276694
http://www.osvdb.org/11013
http://www.osvdb.org/11038
http://www.osvdb.org/11039
http://www.s9y.org/5.html
http://www.securityfocus.com/bid/11497
https://exchange.xforce.ibmcloud.com/vulnerabilities/17798