Gentoo FoundationGLSA-200411-35phpWebSite: HTTP response splitting vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.9%
Background
phpWebSite is a web site content management system.
Description
Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks.
Impact
A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim’s data or browser.
Workaround
There is no known workaround at this time.
Resolution
All phpWebSite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | www-apps/phpwebsite | < 0.9.3_p4-r2 | UNKNOWN |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.9%