CVE-2005-1951

high

Description

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

References

http://www.securityfocus.com/bid/13979

http://www.gulftech.org/?node=research&article_id=00080-06102005

http://secunia.com/advisories/15670

http://marc.info/?l=bugtraq&m=111936255011735&w=2

http://marc.info/?l=bugtraq&m=111842744205117&w=2

Details

Source: Mitre, NVD

Published: 2005-06-16

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High