Lucene search
HistoryOct 25, 2005 - 4:00 a.m.
CVE-2004-2512
cve-2004-2512
crlf injection
calendar.php
dcp-portal
security vulnerability
http response splitting
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.022 Low
EPSS
Percentile
89.6%
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (“%0d%0a”) sequences in the PHPSESSID parameter.
Affected configurations
Node
codeworx_technologiesdcp-portalRange≤5.3.2
ORcodeworx_technologiesdcp-portalMatch3.7
ORcodeworx_technologiesdcp-portalMatch4.0
ORcodeworx_technologiesdcp-portalMatch4.1
ORcodeworx_technologiesdcp-portalMatch4.2
ORcodeworx_technologiesdcp-portalMatch4.5.1
ORcodeworx_technologiesdcp-portalMatch5.0.1
ORcodeworx_technologiesdcp-portalMatch5.0.2
ORcodeworx_technologiesdcp-portalMatch5.1
ORcodeworx_technologiesdcp-portalMatch5.2
ORcodeworx_technologiesdcp-portalMatch5.3
ORcodeworx_technologiesdcp-portalMatch5.3.1
Related
nvd
nvd
CVE-2004-2512
2004-12-31 05:00:00
cvelist
cvelist
CVE-2004-2512
2005-10-25 04:00:00
nessus
nessus
DCP-Portal Multiple Script XSS
2003-03-23 00:00:00
openvas
openvas
DCP-Portal <= 5.3.2 Multiple Vulnerabilities - Active Check
2005-11-03 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.022 Low
EPSS
Percentile
89.6%
Related for CVE-2004-2512