Description

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

Remediation

References

CVE-2005-1951

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2007-4784)

WordPress Plugin Request a Quote Cross-Site Scripting (2.3.4)

WordPress Plugin Multiple Roles Cross-Site Request Forgery (1.3.1)

Oracle JRE CVE-2017-10309 Vulnerability (CVE-2017-10309)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1455)

Severity

Medium

Classification

CVE-2005-1951

Tags

Missing Update Known Vulnerabilities