1. CVE-Search
  2. CVE-2005-1951
ID CVE-2005-1951
Summary Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
References
Vulnerable Configurations
  • cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oscommerce:oscommerce:2.2_cvs:*:*:*:*:*:*:*
    cpe:2.3:a:oscommerce:oscommerce:2.2_cvs:*:*:*:*:*:*:*
  • cpe:2.3:a:oscommerce:oscommerce:2.2_ms1:*:*:*:*:*:*:*
    cpe:2.3:a:oscommerce:oscommerce:2.2_ms1:*:*:*:*:*:*:*
  • cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*
    cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2016 - 03:23)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 13979
bugtraq
  • 20050610 osCommere HTTP Response Splitting
  • 20050616 RE: osCommere HTTP Response Splitting (Solution)
misc http://www.gulftech.org/?node=research&article_id=00080-06102005
secunia 15670
Last major update 18-10-2016 - 03:23
Published 16-06-2005 - 04:00
Last modified 18-10-2016 - 03:23
Back to Top