PHPWebSite用户模块HTTP响应拆分漏洞

漏洞信息详情

PHPWebSite用户模块HTTP响应拆分漏洞

• CNNVD编号：CNNVD-200412-342
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1516
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  phpwebsite
• 漏洞来源：
  .’);”>Discovery of this …

phpWebSite 0.9.3-4版本的index.phpCRLF存在注入漏洞。远程攻击者可以借助用户模块的block_username参数执行HTTP响应拆分攻击修改服务器预定HTML内容。

The vendor has released a security patch dealing with this issue.
Gentoo Linux has released advisory GLSA 200411-35:02 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge –sync
emerge –ask –oneshot –verbose “>=www-apps/phpwebsite-0.9.3_p4-r2”
Please see the referenced advisory for futher information.
phpWebsite phpWebsite 0.9.3 -4

• phpWebsite phpwebsite-core-security-patch2.tar.gz
  
  http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-secu
  rity-patch2.tar.gz

phpWebsite phpWebsite 0.9.3 -2

• phpWebsite phpwebsite-core-security-patch2.tar.gz
  
  http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-secu
  rity-patch2.tar.gz

phpWebsite phpWebsite 0.9.3 -3

• phpWebsite phpwebsite-core-security-patch2.tar.gz
  
  http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-secu
  rity-patch2.tar.gz

来源: XF
名称: phpwebsite-response-splitting(18046)
链接:http://xforce.iss.net/xforce/xfdb/18046

来源: BID
名称: 11673
链接:http://www.securityfocus.com/bid/11673

来源: GENTOO
名称: GLSA-200411-35
链接:http://security.gentoo.org/glsa/glsa-200411-35.xml

来源: SECUNIA
名称: 13172
链接:http://secunia.com/advisories/13172/

来源: phpwebsite.appstate.edu
链接:http://phpwebsite.appstate.edu/index.php?module=announce&ANN_id=863&ANN_user_op=view

来源: BUGTRAQ
名称: 20041111 security hole (http response splitting) in phpwebsite
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110022027420583&w=2