CVE-2004-1620 - Unspecified vulnerability in S9Y Serendipity
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
Vulnerable Configurations
Exploit-Db
description | Serendipity 0.x Exit.PHP HTTP Response Splitting Vulnerability. CVE-2004-1620. Webapps exploit for php platform |
id | EDB-ID:24697 |
last seen | 2016-02-02 |
modified | 2004-10-21 |
published | 2004-10-21 |
reporter | ChaoticEvil |
source | https://www.exploit-db.com/download/24697/ |
title | Serendipity 0.x Exit.PHP HTTP Response Splitting Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | SERENDIPITY_HTTP_SPLITTING.NASL |
description | The remote version of Serendipity is affected by an HTTP response-splitting vulnerability that may allow an attacker to perform a cross-site scripting attack against the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15543 |
published | 2004-10-21 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15543 |
title | Serendipity Multiple Script HTTP Response Splitting |
References
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup
- http://marc.info/?l=bugtraq&m=109841283115808&w=2
- http://secunia.com/advisories/12909/
- http://securitytracker.com/id?1011864
- http://sourceforge.net/project/shownotes.php?release_id=276694
- http://www.osvdb.org/11013
- http://www.osvdb.org/11038
- http://www.osvdb.org/11039
- http://www.s9y.org/5.html
- http://www.securityfocus.com/bid/11497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17798