CVE-2006-3105

Name of the Vulnerable Software and Affected Versions Bitweaver version 1.3

Description The issue allows remote attackers to conduct HTTP response splitting attacks by injecting CRLF sequences into HTTP headers via multiple unspecified parameters. This is demonstrated by the BWSESSION parameter in "index.php".

Recommendations For Bitweaver version 1.3, as a temporary workaround, consider restricting access to the vulnerable parameters to minimize the risk of exploitation. Avoid using the BWSESSION parameter in the affected "index.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.