CVE-2004-1620
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/24697 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup
http://marc.info/?l=bugtraq&m=109841283115808&w=2
http://secunia.com/advisories/12909/
http://securitytracker.com/id?1011864
https://exchange.xforce.ibmcloud.com/vulnerabilities/17798
http://sourceforge.net/project/shownotes.php?release_id=276694
http://www.osvdb.org/11013
http://www.osvdb.org/11038
http://www.osvdb.org/11039
http://www.s9y.org/5.html