Description

CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.

Remediation

References

CVE-2004-1620

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3742)

WordPress Plugin WebARX Cross-Site Scripting (1.3.0)

Oracle JRE CVE-2013-0423 Vulnerability (CVE-2013-0423)

osTicket Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-4634)

WordPress Plugin WP-Print Cross-Site Request Forgery (2.51)

Severity

Medium

Classification

CVE-2004-1620

Tags

Missing Update Known Vulnerabilities