Serendipity · Serendipity · CVE-2004-1620
**Name of the Vulnerable Software and Affected Versions**
Serendipity versions prior to 0.7rc1
**Description**
The issue allows remote attackers to perform HTTP Response Splitting attacks, modifying expected HTML content from the server. This can be achieved via the `url` parameter in index.php and exit.php, or the HTTP Referer field in comment.php.
**Recommendations**
For versions prior to 0.7rc1, update to version 0.7rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `url` parameter in index.php and exit.php, and limiting the use of the HTTP Referer field in comment.php to minimize the risk of exploitation.
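The temporary workaround above can be approximated by a request filter in front of the application that rejects CR/LF in the three inputs the description names. This is an added example, not Serendipity's code or its 0.7rc1 fix; `has_crlf`, `check_request`, the decode-round limit and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Entry points named in the advisory: script -> where the untrusted value comes from.
GUARDED = {
    "index.php": ("query", "url"),
    "exit.php": ("query", "url"),
    "comment.php": ("header", "referer"),
}
MAX_DECODE_ROUNDS = 3  # assumption: enough to catch double/triple percent-encoding


def has_crlf(value: str) -> bool:
    """True if value contains CR or LF, raw or under nested percent-encoding."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:
            return False  # fully decoded, nothing found
        value = decoded
    return True  # still decoding after the limit: treat as suspicious


def check_request(target: str, headers: dict) -> list:
    """Return one finding per guarded input that carries CR/LF."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    rule = GUARDED.get(script)
    if rule is None:
        return []  # not one of the scripts named in the advisory
    source, name = rule
    if source == "query":
        # parse_qs already percent-decodes once
        values = parse_qs(parts.query, keep_blank_values=True).get(name, [])
    else:
        values = [v for k, v in headers.items() if k.lower() == name]
    return [f"{script}: CR/LF in {source} '{name}'" for v in values if has_crlf(v)]


if __name__ == "__main__":
    # Constructed sample requests (not taken from real traffic).
    samples = [
        ("/exit.php?url=http%3A%2F%2Fexample.org%2F%250d%250aX-Test%3A%201", {}),
        ("/index.php?url=http%3A%2F%2Fexample.org%2F", {}),
        ("/comment.php", {"Referer": "http://example.org/%0aX"}),
    ]
    for target, hdrs in samples:
        print(target, "->", check_request(target, hdrs) or "ok")
```

A request with any finding should be rejected before it reaches the application; upgrading to 0.7rc1 or later remains the actual fix.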