Vulnerability Description
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitweaver | Bitweaver | 1.3 |
References
- http://retrogod.altervista.org/bitweaver_13_xpl.html (Exploit)
- http://securityreason.com/securityalert/1115
- http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358
- http://www.bitweaver.org/articles/45
- http://www.osvdb.org/26590
- http://www.securityfocus.com/archive/1/437491/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27348
FAQ
What is CVE-2006-3105?
CVE-2006-3105 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP he...
How severe is CVE-2006-3105?
CVE-2006-3105 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3105?
Check the references section above for vendor advisories and patch information. Affected products include: Bitweaver Bitweaver.