CVE-2005-3348

EPSS 1.62%
Veröffentlicht 18.11.2005 02:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle security@debian.org
CVE-Watchlists
Login
Unerledigt
Login

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpsysinfo ≫ Phpsysinfo Version2.0

Phpsysinfo ≫ Phpsysinfo Version2.1

Phpsysinfo ≫ Phpsysinfo Version2.3

Phpsysinfo ≫ Phpsysinfo Version2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.62%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://secunia.com/advisories/17616

http://secunia.com/advisories/17643

http://www.debian.org/security/2005/dsa-897

http://www.debian.org/security/2005/dsa-898

Patch

Vendor Advisory

http://www.debian.org/security/2005/dsa-899

http://www.mandriva.com/security/advisories?name=MDKSA-2005:212

http://www.securityfocus.com/archive/1/416543

http://www.securityfocus.com/bid/15414

http://secunia.com/advisories/17441

http://secunia.com/advisories/17570