Vulnerabilities > CVE-2004-1584 - Unspecified vulnerability in WordPress 1.2
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | WordPress Blog HTTP Splitting Vulnerability. CVE-2004-1584. Webapps exploit for php platform |
id | EDB-ID:570 |
last seen | 2016-01-31 |
modified | 2004-10-10 |
published | 2004-10-10 |
reporter | Tenable NS |
source | https://www.exploit-db.com/download/570/ |
title | WordPress Blog - HTTP Splitting Vulnerability |
Nessus
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200410-12.NASL
description The remote host is affected by the vulnerability described in GLSA-200410-12 (WordPress: HTTP response splitting and XSS vulnerabilities) Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact : A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim
last seen 2020-06-01
modified 2020-06-02
plugin id 15473
published 2004-10-14
reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/15473
title GLSA-200410-12 : WordPress: HTTP response splitting and XSS vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200410-12.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
# Purpose: local package-version check for CVE-2004-1584 on Gentoo hosts.
# It compares the installed www-apps/wordpress package against 1.2.2 using
# the package list stored in the scanner knowledge base; nothing in this
# script contacts the web application itself.
# NOTE(review): because only the package list is consulted, a WordPress copy
# deployed outside the package manager would presumably not be evaluated
# here -- confirm coverage with a remote check if such installs exist.

include("compat.inc");

# Registration branch: declares the plugin's metadata and exits before any
# host data is examined.
if (description)
{
  script_id(15473);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2004-1584");
  script_xref(name:"GLSA", value:"200410-12");

  script_name(english:"GLSA-200410-12 : WordPress: HTTP response splitting and XSS vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200410-12 (WordPress: HTTP response splitting and XSS vulnerabilities) Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact : A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser. Workaround : There is no known workaround at this time."
  );
  # http://wordpress.org/development/2004/12/one-point-two-two/
  script_set_attribute(
    attribute:"see_also",
    value:"https://wordpress.org/news/2004/12/one-point-two-two/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200410-12"
  );
  # Remediation text: the advisory's fix is the 1.2.2 package, the same
  # threshold the qpkg_check() call below enforces.
  script_set_attribute(
    attribute:"solution",
    value:
"All WordPress users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/wordpress-1.2.2'"
  );
  # CVSS v2 base vector: network reachable, low complexity, no
  # authentication, partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  # "local" plugin type: the result is derived from data gathered on the
  # host, not from probing the service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  # The knowledge-base keys required below are presumably populated by
  # ssh_get_info.nasl -- verify against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: stop with an audit message unless local checks are enabled,
# the host is identified as Gentoo, and a package list was collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

# Versions >= 1.2.2 are declared unaffected, versions < 1.2.2 vulnerable.
if (qpkg_check(package:"www-apps/wordpress", unaffected:make_list("ge 1.2.2"), vulnerable:make_list("lt 1.2.2"))) flag++;

if (flag)
{
  # Finding is reported on port 0; the package report from qpkg_report_get()
  # is attached only when report verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No finding: separate "a package was tested and is not affected" from
  # "no WordPress package was tested at all".
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WordPress");
}
NASL family CGI abuses
NASL id WORDPRESS_HTTP_SPLITTING.NASL
description According to its banner, the remote version of WordPress is vulnerable to an HTTP-splitting attack wherein an attacker can insert CR LF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header which was supplied by the attacker.
last seen 2020-06-01
modified 2020-06-02
plugin id 15443
published 2004-10-08
reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/15443
title WordPress 'wp-login.php' HTTP Response Splitting
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: remote, version-only check for CVE-2004-1584. It takes the
# WordPress version recorded for the install and flags anything below 1.2.1.
# No request to wp-login.php is visible in this script, so a finding means
# "the detected version is older than the fix", not "the flaw was confirmed".
# The plugin marks itself as a potential vulnerability and only reports when
# paranoid reporting is enabled.

include("compat.inc");

# Registration branch: declares the plugin's metadata and exits before any
# host data is examined.
if (description)
{
  script_id(15443);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/15 20:50:19");

  script_cve_id("CVE-2004-1584");
  script_bugtraq_id(11348);

  script_name(english:"WordPress 'wp-login.php' HTTP Response Splitting");
  script_summary(english:"Checks the version of WordPress.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is affected by an HTTP splitting attack.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote version of WordPress is vulnerable to an HTTP-splitting attack wherein an attacker can insert CR LF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header which was supplied by the attacker.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/377770");
  script_set_attribute(attribute:"solution", value:"Upgrade to WordPress version 1.2.1 or greater.");
  # NOTE(review): this vector scores medium complexity with partial
  # confidentiality impact, while the impact table at the top of this page
  # lists complexity LOW and integrity PARTIAL for the same CVE -- confirm
  # which scoring triage should follow.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/08");
  # Marks the result as unconfirmed; the run-time paranoia gate further down
  # goes with this attribute.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

  # Runs only after WordPress detection, on a PHP-capable web server, and
  # with the paranoid-report setting present in the knowledge base.
  script_dependencie("wordpress_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "WordPress";
# exit_if_zero: stop here when no WordPress install was recorded.
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

# exit_if_unknown_ver: an install without a recorded version cannot be
# judged by a version comparison, so the script stops instead of guessing.
install = get_single_install(
  app_name : app,
  port : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);

# Version-only evidence is reported solely at paranoia level 2 or higher.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Split the dotted version string and convert each component to an integer
# so the comparisons below are numeric.
ver = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Versions less than 1.2.1 are vulnerable
# NOTE(review): for a two-component version such as "1.2" the loop never
# sets ver[2]; how the `ver[2] < 1` comparison treats the missing element is
# not shown here -- confirm "1.2" is classified as intended.
if (
  (ver[0] < 1) ||
  (ver[0] == 1 && ver[1] < 2) ||
  (ver[0] == 1 && ver[1] == 2 && ver[2] < 1)
)
{
  if (report_verbosity > 0)
  {
    # Verbose report: where the install was found, what version was
    # detected, and the version that carries the fix.
    report = '\n URL : ' + install_url +
             '\n Installed version : ' + version +
             '\n Fixed version : 1.2.1\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, "WordPress", install_url, version);