CVE-2004-2512

2005-10-2504:00:00

mitre

www.cve.org

6.9 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.6%

JSON

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF (“%0d%0a”) sequences in the PHPSESSID parameter.

References

archives.neohapsis.com/archives/bugtraq/2004-10/0042.html

secunia.com/advisories/12751

securitytracker.com/id?1011481

www.osvdb.org/10591

www.securityfocus.com/bid/11340

exchange.xforce.ibmcloud.com/vulnerabilities/17640