Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200410-12
HistoryOct 14, 2004 - 12:00 a.m.

WordPress: HTTP response splitting and XSS vulnerabilities

2004-10-1400:00:00
Gentoo Foundation
security.gentoo.org
21

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.045

Percentile

92.6%

JSON

Background

WordPress is a PHP and MySQL based content management and publishing system.

Description

Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks.

Impact

A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim’s data or browser.

Workaround

There is no known workaround at this time.

Resolution

All WordPress users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.2.2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/wordpress< 1.2.2UNKNOWN

Related

cve 1
patchstack 1
cvelist 1
nessus 2
nvd 1
openvas 2
debiancve 1
wpvulndb 1
exploitdb 1
cve
cve
CVE-2004-1584
2005-02-20 05:00:00
patchstack
patchstack
WordPress <=1.2 - CRLF (Carriage Return Line Feed) injection
2005-02-20 00:00:00
cvelist
cvelist
CVE-2004-1584
2005-02-20 05:00:00
nessus
nessus
WordPress 'wp-login.php' HTTP Response Splitting
2004-10-08 00:00:00
GLSA-200410-12 : WordPress: HTTP response splitting and XSS vulnerabilities
2004-10-14 00:00:00
nvd
nvd
CVE-2004-1584
2004-12-31 05:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200410-12 (wordpress)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200410-12 (wordpress)
2008-09-24 00:00:00
debiancve
debiancve
CVE-2004-1584
2005-02-20 05:00:00
wpvulndb
wpvulndb
WordPress 1.2 - HTTP Response Splitting
2004-12-31 00:00:00
exploitdb
exploitdb
WordPress Core 1.2 - HTTP Splitting
2004-10-10 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.045

Percentile

92.6%

JSON
Related for GLSA-200410-12
cve1patchstack1cvelist1nessus2nvd1openvas2debiancve1wpvulndb1exploitdb1