CVE-2006-6965: CRLF Injection in DokuWiki

4 documents, 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.7% (top 28.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 29; latest update May 1

Description

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/dokuwiki, < dokuwiki 0.0.20061106-1 (bookworm)
Debian: dokuwiki/dokuwiki, < 0.0.20061106-1 +3
NVD: andreas_gohr/dokuwiki, release_2006-03-09, release_2006-03-09e +1

🔴 Vulnerability Details (2)

GHSA: GHSA-653g-8hw7-x2fj: CRLF injection vulnerability in lib/exe/fetch (2022-05-01)
OSV: CVE-2006-6965: CRLF injection vulnerability in lib/exe/fetch (2007-01-29)

📋 Vendor Advisories (1)

Debian: CVE-2006-6965: dokuwiki - CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and p... (2006)