CVE-2005-4830

Name of the Vulnerable Software and Affected Versions ViewCVS version 0.9.2

Description A CRLF injection issue exists, allowing remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.

Recommendations For ViewCVS version 0.9.2, avoid using the content-type parameter in a way that could allow CRLF injection until a patch is available. As a temporary workaround, consider restricting access to the viewcvs module to minimize the risk of exploitation.