Vulnerability Description
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snitz Communications | Snitz Forums 2000 | 3.0 |
References
- http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791Vendor Advisory
- http://marc.info/?l=bugtraq&m=109537195413691&w=2
- http://secunia.com/advisories/12590PatchVendor Advisory
- http://www.securityfocus.com/bid/11201ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17421
- http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791Vendor Advisory
- http://marc.info/?l=bugtraq&m=109537195413691&w=2
- http://secunia.com/advisories/12590PatchVendor Advisory
- http://www.securityfocus.com/bid/11201ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17421
FAQ
What is CVE-2004-1687?
CVE-2004-1687 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the locatio...
How severe is CVE-2004-1687?
CVE-2004-1687 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1687?
Check the references section above for vendor advisories and patch information. Affected products include: Snitz Communications Snitz Forums 2000.