Lucene search

[email protected]CVE-2004-1620

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1620

2005-02-2005:00:00

[email protected]

web.nvd.nist.gov

crlf injection

serendipity

http response splitting

vulnerability

security

cve-2004-1620

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.

Affected configurations

NVD

Node

s9yserendipityMatch0.3

s9yserendipityMatch0.4

s9yserendipityMatch0.5

s9yserendipityMatch0.5_pl1

s9yserendipityMatch0.6

s9yserendipityMatch0.6_pl1

s9yserendipityMatch0.6_pl2

s9yserendipityMatch0.6_pl3

s9yserendipityMatch0.6_rc1

s9yserendipityMatch0.6_rc2

s9yserendipityMatch0.7_beta1

s9yserendipityMatch0.7_beta2

s9yserendipityMatch0.7_beta3

s9yserendipityMatch0.7_beta4

CPENameOperatorVersion
s9y:serendipitys9y serendipityeq0.3
s9y:serendipitys9y serendipityeq0.4
s9y:serendipitys9y serendipityeq0.5
s9y:serendipitys9y serendipityeq0.5_pl1
s9y:serendipitys9y serendipityeq0.6
s9y:serendipitys9y serendipityeq0.6_pl1
s9y:serendipitys9y serendipityeq0.6_pl2
s9y:serendipitys9y serendipityeq0.6_pl3
s9y:serendipitys9y serendipityeq0.6_rc1
s9y:serendipitys9y serendipityeq0.6_rc2

CPE	Name	Operator	Version
s9y:serendipity	s9y serendipity	eq	0.3
s9y:serendipity	s9y serendipity	eq	0.4
s9y:serendipity	s9y serendipity	eq	0.5
s9y:serendipity	s9y serendipity	eq	0.5_pl1
s9y:serendipity	s9y serendipity	eq	0.6
s9y:serendipity	s9y serendipity	eq	0.6_pl1
s9y:serendipity	s9y serendipity	eq	0.6_pl2
s9y:serendipity	s9y serendipity	eq	0.6_pl3
s9y:serendipity	s9y serendipity	eq	0.6_rc1
s9y:serendipity	s9y serendipity	eq	0.6_rc2

Rows per page:

1-10 of 141

References

cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup

cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup

cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup

marc.info/?l=bugtraq&m=109841283115808&w=2

secunia.com/advisories/12909/

securitytracker.com/id?1011864

sourceforge.net/project/shownotes.php?release_id=276694

www.osvdb.org/11013

www.osvdb.org/11038

www.osvdb.org/11039

www.s9y.org/5.html

www.securityfocus.com/bid/11497

exchange.xforce.ibmcloud.com/vulnerabilities/17798

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2004-1620

nessus1 cvelist1 nvd1