CVE-2006-3105 Information

Description

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

Reference

http://retrogod.altervista.org/bitweaver_13_xpl.html
http://securityreason.com/securityalert/1115
http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358
http://www.bitweaver.org/articles/45
http://www.osvdb.org/26590
http://www.securityfocus.com/archive/1/437491/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/27348
