CVE-2005-1951
Published: 2005-06-16
Priority: P4 (22). CVSS 2.0 base score: 5 (medium). Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.34% (81.5th percentile)
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
Affected (4 ranges recorded; the index carries no version bounds or fix versions for them, so the only bound is the description's "2.2 Milestone 2 and earlier")
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oscommerce | oscommerce | — | — |
No detection rules found.
No writeups or analysis indexed.
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
HTTP agents or components may include a web server, load balancer, reverse proxy, web caching proxy, application firewall, web browser, etc. Regardless of the role, they are expected to maintain coherent, consistent HTTP communication state across all components. However, including unexpected data in an HTTP header allows an attacker to specify the entirety of the HTTP message that is rendered by the client HTTP agent (e.g., web browser) or back-end HTTP agent (e.g
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feed) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Modes of introduction: Implementation (REALIZATION: this weakness is caused during implementation of an architectural security tactic).
Common consequences: Integrity; modify application data.
Detection methods: Automated Static Analysis. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flo
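The following Python is an added example, not code from this page or from the osCommerce project. It models the CWE-113 pattern behind the description above (a redirect handler that copies the decoded goto parameter straight into a Location header, as the PHP header("Location: " . $goto) idiom does), shows how a line-oriented proxy or cache then parses two responses from one, places a hardened handler beside it that rejects CR/LF/NUL, and ends with a checker that flags encoded CR or LF in the query string of access-log request lines. The checker is generalised beyond the three parameters the advisory names (products_id, pid, goto) to every parameter on every path. The URLs, header layout and log lines are constructed for the example.

```python
import re
import urllib.parse

CRLF = "\r\n"

# Constructed attack value for banner.php's goto parameter (illustrative, not
# from the advisory): an encoded CRLF closes the Location header, a zero-length
# body ends the real response, and a complete forged 200 response follows. A
# proxy or cache that parses two responses here stores the forged one.
FORGED_BODY = "<html>spoofed</html>"
INJECTED_GOTO = (
    "http://example.invalid/%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    f"Content-Length:%20{len(FORGED_BODY)}%0d%0a%0d%0a"
    + urllib.parse.quote(FORGED_BODY)
)

def parse_query(query: str) -> dict:
    """One URL-decoding pass, as the server does before the script sees $_GET;
    %0d%0a arrives as a literal CR LF."""
    return dict(urllib.parse.parse_qsl(query, keep_blank_values=True))

def vulnerable_redirect(params: dict) -> bytes:
    """CWE-113: the decoded goto value goes into Location with no CR/LF check
    (hypothetical handler modelling the PHP idiom, not osCommerce's source)."""
    location = params.get("goto", "/")
    return (f"HTTP/1.1 302 Found{CRLF}Location: {location}{CRLF}"
            f"Content-Length: 0{CRLF}{CRLF}").encode("latin-1")

def status_lines(raw: bytes) -> list:
    """Status lines a line-oriented parser finds: one per HTTP response."""
    return [line.decode("latin-1") for line in raw.split(b"\r\n")
            if line.startswith(b"HTTP/1.")]

class BadHeaderValue(ValueError):
    """Raised instead of emitting a header that would split the response."""

def safe_header_value(value: str) -> str:
    """Reject rather than strip: stripping invites partial-encoding bypasses,
    and a redirect target containing CR, LF or NUL is never legitimate."""
    if re.search(r"[\r\n\x00]", value):
        raise BadHeaderValue("control characters in header value")
    return value

def hardened_redirect(params: dict) -> bytes:
    location = safe_header_value(params.get("goto", "/"))
    return (f"HTTP/1.1 302 Found{CRLF}Location: {location}{CRLF}"
            f"Content-Length: 0{CRLF}{CRLF}").encode("latin-1")

def hardened_accepts(params: dict) -> bool:
    """True if the hardened handler would emit a response for these params."""
    try:
        hardened_redirect(params)
    except BadHeaderValue:
        return False
    return True

# Detection runs on the raw, still-encoded request target from the log, so
# %0d / %0a in either case are visible; a double-encoded %250d would not be,
# and only matters if the application decodes twice.
ENCODED_CR_OR_LF = re.compile(r"%0[dDaA]")

def flagged_params(request_target: str) -> list:
    """Names of query parameters whose encoded value contains CR or LF."""
    _, _, query = request_target.partition("?")
    hits = []
    for pair in query.split("&"):
        name, _, raw_value = pair.partition("=")
        if ENCODED_CR_OR_LF.search(raw_value):
            hits.append(name)
    return hits

def flagged_log_lines(lines) -> list:
    """(request target, flagged parameter names) per combined-log line hit."""
    out = []
    for line in lines:
        try:
            target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue  # not a request line we can parse
        hits = flagged_params(target)
        if hits:
            out.append((target, hits))
    return out

# Constructed combined-log-format lines for the checker.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [16/Jun/2005:10:00:00 +0000] "GET /catalog/banner.php?goto='
    + INJECTED_GOTO + ' HTTP/1.1" 302 0',
    '203.0.113.6 - - [16/Jun/2005:10:00:01 +0000] "GET /catalog/index.php?'
    'products_id=12%0D%0ASet-Cookie:%20x=y HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Jun/2005:10:00:02 +0000] "GET /catalog/index.php?'
    'products_id=12&pid=0 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    attack = parse_query("goto=" + INJECTED_GOTO)
    print("vulnerable handler emits", len(status_lines(vulnerable_redirect(attack))), "responses")
    print("hardened handler accepts attack:", hardened_accepts(attack))
    for target, hits in flagged_log_lines(SAMPLE_ACCESS_LOG):
        print("flagged", hits, "in", target[:60])
```

Rejecting CR/LF closes the splitting bug but says nothing about where the redirect points; a goto value that is a clean absolute URL still deserves an allow-list check before it is emitted, which is a separate concern from CWE-113.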
References
- http://marc.info/?l=bugtraq&m=111842744205117&w=2
- http://marc.info/?l=bugtraq&m=111936255011735&w=2
- http://secunia.com/advisories/15670
- http://www.gulftech.org/?node=research&article_id=00080-06102005
- http://www.securityfocus.com/bid/13979