cbcvebase.
CVE-2004-2512
published 2004-12-31

CVE-2004-2512: CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web…

PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.59%
90.5th percentile
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.

Affected

12 ranges
VendorProductVersion rangeFixed in
codeworx_technologiesdcp-portal<= 5.3.2
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
codeworx_technologiesdcp-portal
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.