Detections
Analytics

CVE-2005-3348

high

Description

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23107

http://www.securityfocus.com/bid/15414

http://www.securityfocus.com/bid/15396

http://www.securityfocus.com/archive/1/416543

http://www.mandriva.com/security/advisories?name=MDKSA-2005:212

http://www.hardened-php.net/advisory_212005.81.html

http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml

http://www.debian.org/security/2005/dsa-899

http://www.debian.org/security/2005/dsa-898

http://www.debian.org/security/2005/dsa-897

http://secunia.com/advisories/17698

http://secunia.com/advisories/17643

http://secunia.com/advisories/17620

http://secunia.com/advisories/17616

http://secunia.com/advisories/17584

http://secunia.com/advisories/17570

http://secunia.com/advisories/17441

Details

Source: Mitre, NVD

Published: 2005-11-18

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High