PT-2005-5491 · Viewcvs · Viewcvs
Published: 2005-12-31 · Updated: 2018-10-19 · CVE-2005-4830
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ViewCVS version 0.9.2
Description
A CRLF injection issue exists, allowing remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.
Recommendations
For ViewCVS version 0.9.2, avoid using the content-type parameter in a way that could allow CRLF injection until a patch is available. As a temporary workaround, consider restricting access to the viewcvs module to minimize the risk of exploitation.
Exploit
Fix
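One way to keep a request-supplied content-type value from carrying CR or LF into a response header, shown as an added example: this is not ViewCVS code and not the project's patch. The function names, the text/plain fallback and the length limit are assumptions, and the sample inputs are constructed.

```python
import re
from urllib.parse import parse_qs

# RFC 7230 token characters; none of them is CR, LF or another control byte.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# type/subtype with optional ;name=token parameters (e.g. charset=utf-8).
_MEDIA_TYPE = re.compile(r"{t}/{t}(?:[ \t]*;[ \t]*{t}={t})*".format(t=_TOKEN))

DEFAULT_TYPE = "text/plain"  # assumed fallback when the value is rejected
MAX_LEN = 127                # assumed upper bound on the value's length


def safe_content_type(raw):
    """Return raw if it is a well-formed media type, else DEFAULT_TYPE."""
    if raw is None or len(raw) > MAX_LEN:
        return DEFAULT_TYPE
    # fullmatch, not match(pattern + "$"): "$" also matches just before a
    # trailing "\n", which would let a bare LF through.
    if _MEDIA_TYPE.fullmatch(raw) is None:
        return DEFAULT_TYPE
    return raw


def response_headers(query_string):
    """Build the header lines for a request's raw query string."""
    # parse_qs percent-decodes, so %0d%0a arrives here as real CR LF.
    params = parse_qs(query_string, keep_blank_values=True)
    requested = params.get("content-type", [None])[0]
    return ["Content-Type: " + safe_content_type(requested)]


def header_count_on_wire(query_string):
    """Count the header lines a client would parse from the serialized head."""
    wire = "\r\n".join(response_headers(query_string)) + "\r\n\r\n"
    head = wire.split("\r\n\r\n", 1)[0]
    return len(head.split("\r\n"))


if __name__ == "__main__":
    # Constructed sample query strings.
    for qs in ("content-type=text/x-python",
               "content-type=text/plain%0d%0aX-Injected:%201"):
        print(qs, "->", response_headers(qs), header_count_on_wire(qs))
```

Validating against the media-type grammar rather than stripping `\r` and `\n` also rejects other control characters and malformed values in one step.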
Related Identifiers
Affected Products
Viewcvs