PT-2004-3404 · Dcp · Dcp-Portal

Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-2512

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

DCP-Portal versions 5.3.2 and earlier

Description

A CRLF injection issue in the calendar.php file allows remote attackers to conduct HTTP response splitting attacks. This can lead to spoofing web content and poisoning web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.

Recommendations

For DCP-Portal versions 5.3.2 and earlier, consider restricting access to the calendar.php file until a patch is available. As a temporary workaround, avoid using the PHPSESSID parameter in the affected API endpoint until the issue is resolved.
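
A log check for the pattern described above, as an added example that is not part of the original advisory: it flags requests to calendar.php whose PHPSESSID query value contains CR or LF after URL decoding, including double-encoded forms. It assumes combined-format access logs; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def raw_param_values(query, name):
    """Yield the still-encoded values of `name` from a raw query string."""
    for pair in re.split(r"[&;]", query):
        key, _, value = pair.partition("=")
        if unquote(key).lower() == name.lower():
            yield value

def has_crlf(value, max_rounds=3):
    """True if CR or LF appears after up to max_rounds of URL decoding."""
    for _ in range(max_rounds + 1):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:      # nothing left to decode
            return False
        value = decoded
    return False

def flag_lines(lines, script="calendar.php", param="PHPSESSID"):
    """Return 1-based numbers of log lines hitting `script` with CR/LF in `param`."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not unquote(url.path).lower().endswith("/" + script):
            continue
        if any(has_crlf(v) for v in raw_param_values(url.query, param)):
            hits.append(lineno)
    return hits

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /calendar.php?PHPSESSID=9f2c4e1ab7 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /calendar.php?PHPSESSID=abc%0d%0ax HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /calendar.php?month=1&PHPSESSID=abc%250D%250Ax HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2005:10:00:12 +0000] "GET /index.php?PHPSESSID=abc%0d%0ax HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    print(flag_lines(SAMPLE_LOG))
```

The check covers only the query string; a PHPSESSID sent in a POST body does not appear in standard access logs.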

Related Identifiers

CVE-2004-2512

Affected Products

Dcp-Portal