Vulnerability Description
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeworx Technologies | Dcp-Portal | <= 5.3.2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html (Exploit)
- http://secunia.com/advisories/12751 (Vendor Advisory)
- http://securitytracker.com/id?1011481
- http://www.osvdb.org/10591
- http://www.securityfocus.com/bid/11340 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17640
FAQ
What is CVE-2004-2512?
CVE-2004-2512 is a vulnerability with a CVSS score of 4.3 (MEDIUM). CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0...
How severe is CVE-2004-2512?
CVE-2004-2512 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2512?
Check the references section above for vendor advisories and patch information. Affected products include: Codeworx Technologies Dcp-Portal.