7.4 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.028 Low
EPSS
Percentile
90.7%
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
CPE | Name | Operator | Version |
---|---|---|---|
bitweaver:bitweaver | bitweaver | eq | 1.3 |
retrogod.altervista.org/bitweaver_13_xpl.html
securityreason.com/securityalert/1115
sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358
www.bitweaver.org/articles/45
www.osvdb.org/26590
www.securityfocus.com/archive/1/437491/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/27348