漏洞信息详情
PHPWebSite用户模块HTTP响应拆分漏洞
- CNNVD编号:CNNVD-200412-342
- 危害等级: 低危
- CVE编号: CVE-2004-1516
- 漏洞类型: 输入验证
- 发布时间: 2004-12-31
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: phpwebsite
- 漏洞来源:
漏洞简介
phpWebSite 0.9.3-4版本的index.phpCRLF存在注入漏洞。远程攻击者可以借助用户模块的block_username参数执行HTTP响应拆分攻击修改服务器预定HTML内容。
漏洞公告
The vendor has released a security patch dealing with this issue. Gentoo Linux has released advisory GLSA 200411-35:02 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges: emerge --sync emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2" Please see the referenced advisory for futher information. phpWebsite phpWebsite 0.9.3 -4
- phpWebsite phpwebsite-core-security-patch2.tar.gz http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-secu rity-patch2.tar.gz
- phpWebsite phpwebsite-core-security-patch2.tar.gz http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-secu rity-patch2.tar.gz
- phpWebsite phpwebsite-core-security-patch2.tar.gz http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-secu rity-patch2.tar.gz
参考网址
来源: XF 名称: phpwebsite-response-splitting(18046) 链接:http://xforce.iss.net/xforce/xfdb/18046 来源: BID 名称: 11673 链接:http://www.securityfocus.com/bid/11673 来源: GENTOO 名称: GLSA-200411-35 链接:http://security.gentoo.org/glsa/glsa-200411-35.xml 来源: SECUNIA 名称: 13172 链接:http://secunia.com/advisories/13172/ 来源: phpwebsite.appstate.edu 链接:http://phpwebsite.appstate.edu/index.php?module=announce&ANN_id=863&ANN_user_op=view 来源: BUGTRAQ 名称: 20041111 security hole (http response splitting) in phpwebsite 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110022027420583&w=2
受影响实体
- Phpwebsite Phpwebsite:0.9.3.4
- Phpwebsite Phpwebsite:0.9.3.3
- Phpwebsite Phpwebsite:0.9.3.2
- Phpwebsite Phpwebsite:0.9.3.1
- Phpwebsite Phpwebsite:0.9.3
补丁
暂无
评论