CVE-2004-1620

Name of the Vulnerable Software and Affected Versions Serendipity versions prior to 0.7rc1

Description The issue allows remote attackers to perform HTTP Response Splitting attacks, modifying expected HTML content from the server. This can be achieved via the url parameter in index.php and exit.php, or the HTTP Referer field in comment.php.

Recommendations For versions prior to 0.7rc1, update to version 0.7rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the url parameter in index.php and exit.php, and limiting the use of the HTTP Referer field in comment.php to minimize the risk of exploitation.