Vulnerability Description
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S9Y | Serendipity | 0.3 |
References
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&vie
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&vi
- http://marc.info/?l=bugtraq&m=109841283115808&w=2
- http://secunia.com/advisories/12909/ExploitPatchVendor Advisory
- http://securitytracker.com/id?1011864
- http://sourceforge.net/project/shownotes.php?release_id=276694
- http://www.osvdb.org/11013
- http://www.osvdb.org/11038
- http://www.osvdb.org/11039
- http://www.s9y.org/5.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11497ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17798
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&vie
FAQ
What is CVE-2004-1620?
CVE-2004-1620 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1...
How severe is CVE-2004-1620?
CVE-2004-1620 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1620?
Check the references section above for vendor advisories and patch information. Affected products include: S9Y Serendipity.