Vulnerabilities > CVE-2004-1470 - Unspecified vulnerability in Snipsnap 0.5.2A

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
snipsnap
nessus
exploit available

Summary

CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.

Vulnerable Configurations

Part Description Count
Application
Snipsnap
1

Exploit-Db

descriptionSnipSnap 0.5.2 HTTP Response Splitting Vulnerability. CVE-2004-1470. Remote exploits for multiple platform
idEDB-ID:24598
last seen2016-02-02
modified2004-09-14
published2004-09-14
reporterMaestro De-Seguridad
sourcehttps://www.exploit-db.com/download/24598/
titleSnipSnap 0.5.2 HTTP Response Splitting Vulnerability

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200409-23.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200409-23 (SnipSnap: HTTP response splitting) SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the site's data. Some of these attacks include web cache poisoning, cross-user defacement, hijacking pages with sensitive user information, and cross-site scripting. This vulnerability is due to the lack of illegal input checking in the software. Impact : A malicious user could inject and execute arbitrary script code, potentially compromising the victim's data or browser.
last seen2020-06-01
modified2020-06-02
plugin id14774
published2004-09-17
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14774
titleGLSA-200409-23 : SnipSnap: HTTP response splitting
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200409-23.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

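# Registration branch: when `description` is true the plugin only records the
# metadata below and then exits (exit(0) at the end of the block), so none of
# the package checks further down in the file run in this mode.
if (description)
{
  script_id(14774);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  # Cross-references that tie a finding from this plugin back to the CVE
  # entry and to the Gentoo advisory the text was extracted from.
  script_cve_id("CVE-2004-1470");
  script_xref(name:"GLSA", value:"200409-23");

  script_name(english:"GLSA-200409-23 : SnipSnap: HTTP response splitting");
  # The summary states what is actually inspected: the installed-package
  # database, not the SnipSnap web application itself.
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  # Advisory text, reproduced as published in GLSA 200409-23.
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200409-23
(SnipSnap: HTTP response splitting)

    SnipSnap contains various HTTP response splitting vulnerabilities that
    could potentially compromise the sites data. Some of these attacks
    include web cache poisoning, cross-user defacement, hijacking pages
    with sensitive user information, and cross-site scripting. This
    vulnerability is due to the lack of illegal input checking in the
    software.
  
Impact :

    A malicious user could inject and execute arbitrary script code,
    potentially compromising the victim's data or browser.
  
Workaround :

    There is no known workaround at this time."
  );
  # http://snipsnap.org/space/start/2004-09-14/1#SnipSnap_1.0b1_(uttoxeter)_released
  # (the shortened nessus.org link below presumably resolves to the vendor
  # release note above - confirm before relying on it)
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1a47e4e1"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200409-23"
  );
  # Remediation text shown to the operator. Both package atoms use Gentoo's
  # `1.0_beta1` version spelling, the same threshold the package check in
  # this plugin compares against; an atom written `1.0beta1` is not a valid
  # Gentoo version string, so the final upgrade command could not be run as
  # printed.
  # NOTE(review): the advisory's `emerge sync` is kept as published; current
  # Portage spells that step `emerge --sync`.
  script_set_attribute(
    attribute:"solution", 
    value:
"All SnipSnap users should upgrade to the latest version:
    # emerge sync
    # emerge -pv '>=dev-java/snipsnap-bin-1.0_beta1'
    # emerge '>=dev-java/snipsnap-bin-1.0_beta1'"
  );
  # CVSS v2 base vector: network attack vector, low complexity, no
  # authentication, partial integrity impact, no confidentiality or
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  # "local" plugin type: the result depends on package data collected from
  # the host, so it is only as reliable as that collected inventory.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:snipsnap-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/17");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  # presumably ssh_get_info.nasl is what populates the Host/* keys required
  # below - confirm against that plugin
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}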


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: each check reads a knowledge-base key and hands off to
# audit() with the matching reason when the key is missing, so a host
# without local checks, a non-Gentoo host, or a host with no package list
# is reported as "not checked" rather than as "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Version comparison only: dev-java/snipsnap-bin older than 1.0_beta1 is
# treated as vulnerable, 1.0_beta1 or newer as unaffected. Nothing here
# probes the running web application.
is_vulnerable = qpkg_check(
  package:"dev-java/snipsnap-bin",
  unaffected:make_list("ge 1.0_beta1"),
  vulnerable:make_list("lt 1.0_beta1")
);

if (is_vulnerable)
{
  # Attach the package report only when the scan asked for verbose output.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}

# Not flagged: distinguish "package present but not affected" from
# "package not installed at all" in the audit trail.
checked_packages = qpkg_tests_get();
if (checked_packages)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_packages);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SnipSnap");
}