CVE-2005-3348 Information
Description
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier as used in phpgroupware 0.9.16 and earlier and egroupware before 1.0.0.009 allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
Reference
http://secunia.com/advisories/17441 http://secunia.com/advisories/17570 http://secunia.com/advisories/17584 http://secunia.com/advisories/17616 http://secunia.com/advisories/17620 http://secunia.com/advisories/17643 http://secunia.com/advisories/17698 http://www.debian.org/security/2005/dsa-897 http://www.debian.org/security/2005/dsa-898 http://www.debian.org/security/2005/dsa-899 http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml http://www.hardened-php.net/advisory_212005.81.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://www.securityfocus.com/archive/1/416543 http://www.securityfocus.com/bid/15396 http://www.securityfocus.com/bid/15414 https://exchange.xforce.ibmcloud.com/vulnerabilities/23107
Share on: