PT-2004-2527 · Serendipity · Serendipity

Chaotic Evil

Published

2004-10-21

Updated

2017-07-11

CVE-2004-1620

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Serendipity versions prior to 0.7rc1

Description The issue allows remote attackers to perform HTTP Response Splitting attacks, modifying expected HTML content from the server. This can be achieved via the url parameter in index.php and exit.php, or the HTTP Referer field in comment.php.

Recommendations For versions prior to 0.7rc1, update to version 0.7rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the url parameter in index.php and exit.php, and limiting the use of the HTTP Referer field in comment.php to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1620

Affected Products

Serendipity

PT-2004-2527 · Serendipity · Serendipity

CVE-2004-1620

Related Identifiers

Affected Products

References · 16