GLSA
Bodhisattva
Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany
|
 Posted: Sat Nov 27, 2004 1:15 am Post subject: [ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulne |
 |
|
Gentoo Linux Security Advisory
Title: phpWebSite: HTTP response splitting vulnerability (GLSA 200411-35)
Severity: low
Exploitable: remote
Date: November 26, 2004
Updated: May 22, 2006
Bug(s): #71502
ID: 200411-35
Synopsis
phpWebSite is vulnerable to possible HTTP response splitting attacks.
Background
phpWebSite is a web site content management system.
Affected Packages
Package: www-apps/phpwebsite
Vulnerable: < 0.9.3_p4-r2
Unaffected: >= 0.9.3_p4-r2
Architectures: All supported architectures
Description
Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks.
Impact
A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
Workaround
There is no known workaround at this time.
Resolution
All phpWebSite users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2" |
References
BugTraq Posting
phpWebSite Announcement
CVE-2004-1516
Last edited by GLSA on Tue May 23, 2006 4:18 am; edited 2 times in total |
|
News & Announcements
