ViewCVS < 1.0.0 HTTP Response Splitting

2004-12-2800:00:00

Tenable

www.tenable.com

JSON

The remote host is running ViewCVS, a tool to browse CVS repositories over the web. There is a flaw in the remote ViewCVS server that may allow an attacker to steal the credentials of third-party users via an HTTP response splitting attack.

Binary data 2478.prm

VendorProductVersionCPE
viewcvsviewcvscpe:/a:viewcvs:viewcvs

Vendor	Product	Version	CPE
viewcvs	viewcvs		cpe:/a:viewcvs:viewcvs

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1062

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4830

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4831

lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html

www.securityfocus.com/archive/1/archive/1/461382/100/0/threaded

JSON