Vulnerabilities > CVE-2007-2046 - Remote Security vulnerability in Openads

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

openads

NVD

Published: 2007-04-16

Updated: 2011-03-08

Summary

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Openads Openads Openads *	2

References

http://forum.openads.org/index.php?showtopic=503413399&pid=39136
http://secunia.com/advisories/24876
http://sourceforge.net/forum/forum.php?forum_id=685278
http://sourceforge.net/project/shownotes.php?release_id=500343
http://www.vupen.com/english/advisories/2007/1364