Description

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

Remediation

References

CVE-2005-1951

Related Vulnerabilities

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)

WordPress Plugin RSVPMaker SQL Injection (6.1.9)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4208)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

WordPress Plugin WPtouch Cross-Site Request Forgery (1.9.31)

Severity

Medium

Classification

CVE-2005-1951

Tags

Missing Update Known Vulnerabilities