Lucene search

[email protected]CVE-2006-3105

HistoryJun 21, 2006 - 1:02 a.m.

CVE-2006-3105

2006-06-2101:02:00

[email protected]

web.nvd.nist.gov

cve

2006

3105

crlf injection

bitweaver

http response splitting

bwsession

index.php

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.7%

JSON

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

Affected configurations

NVD

Node

bitweaverbitweaverMatch1.3

CPENameOperatorVersion
bitweaver:bitweaverbitweavereq1.3

CPE	Name	Operator	Version
bitweaver:bitweaver	bitweaver	eq	1.3

References

retrogod.altervista.org/bitweaver_13_xpl.html

securityreason.com/securityalert/1115

sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358

www.bitweaver.org/articles/45

www.osvdb.org/26590

www.securityfocus.com/archive/1/437491/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/27348

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for CVE-2006-3105

cvelist1 nvd1