CVE-2004-1620: CRLF Injection
First published: Thu Oct 21 2004(Updated: )
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Serendipity (S9Y) Freetag Event | =0.3 | |
| Serendipity (S9Y) Freetag Event | =0.4 | |
| Serendipity (S9Y) Freetag Event | =0.5 | |
| Serendipity (S9Y) Freetag Event | =0.5_pl1 | |
| Serendipity (S9Y) Freetag Event | =0.6 | |
| Serendipity (S9Y) Freetag Event | =0.6_pl1 | |
| Serendipity (S9Y) Freetag Event | =0.6_pl2 | |
| Serendipity (S9Y) Freetag Event | =0.6_pl3 | |
| Serendipity (S9Y) Freetag Event | =0.6_rc1 | |
| Serendipity (S9Y) Freetag Event | =0.6_rc2 | |
| Serendipity (S9Y) Freetag Event | =0.7_beta1 | |
| Serendipity (S9Y) Freetag Event | =0.7_beta2 | |
| Serendipity (S9Y) Freetag Event | =0.7_beta3 | |
| Serendipity (S9Y) Freetag Event | =0.7_beta4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.s9y.org/5.html
- http://www.securityfocus.com/bid/11497
- http://secunia.com/advisories/12909/
- http://sourceforge.net/project/shownotes.php?release_id=276694
- http://www.osvdb.org/11013
- http://www.osvdb.org/11038
- http://www.osvdb.org/11039
- http://securitytracker.com/id?1011864
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup
- http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup
- http://marc.info/?l=bugtraq&m=109841283115808&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17798
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/author
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/s9y
- canonical/serendipity (s9y) freetag event
- version/serendipity (s9y) freetag event/0.3
- version/serendipity (s9y) freetag event/0.4
- version/serendipity (s9y) freetag event/0.5
- version/serendipity (s9y) freetag event/0.5_pl1
- version/serendipity (s9y) freetag event/0.6
- version/serendipity (s9y) freetag event/0.6_pl1
- version/serendipity (s9y) freetag event/0.6_pl2
- version/serendipity (s9y) freetag event/0.6_pl3
- version/serendipity (s9y) freetag event/0.6_rc1
- version/serendipity (s9y) freetag event/0.6_rc2
- version/serendipity (s9y) freetag event/0.7_beta1
- version/serendipity (s9y) freetag event/0.7_beta2
- version/serendipity (s9y) freetag event/0.7_beta3
- version/serendipity (s9y) freetag event/0.7_beta4