← back
CVE-2005-1951

CVE-2005-1951

EPSS 2.3%
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/25840unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=111842744205117&w=2http://marc.info/?l=bugtraq&m=111936255011735&w=2http://secunia.com/advisories/15670http://www.gulftech.org/?node=research&article_id=00080-06102005http://www.securityfocus.com/bid/13979