Serendipity index.php Requested URL HTTP Response Splitting

2004-10-21T06:24:15
ID OSVDB:11013
Type osvdb
Reporter Chaotic Evil (chaoticevil@spyring.com)
Modified 2004-10-21T06:24:15

Description

Vulnerability Description

Serendipity contains a flaw that may allow a malicious user to perform HTTP response splitting on the index.php page. The issue is triggered when unexpected carriage return and/or line feed (CR/LF) characters are input into the HTTP request stream. It is possible that the flaw may allow man-in-the-middle attacks and/or cross-site scripting attacks, resulting in a loss of confidentiality and/or integrity.
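To check whether a site was probed for the CR/LF condition described above, a defender can scan web server access logs for requested URLs that carry raw, percent-encoded, or double-encoded CR/LF. This is an added example, not code from the advisory or from Serendipity; it assumes Combined Log Format logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Combined Log Format line: "METHOD URL HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, placeholder header name).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Oct/2004:06:24:15 +0000] "GET /index.php?/archives/1-first-post.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Oct/2004:06:25:02 +0000] "GET /index.php?%0d%0aX-Constructed:%20sample HTTP/1.1" 200 312',
    '192.0.2.44 - - [21/Oct/2004:06:25:09 +0000] "GET /index.php?%250D%250AX-Constructed:%20sample HTTP/1.1" 200 312',
    '192.0.2.77 - - [21/Oct/2004:06:26:40 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
]

def decode_fully(url, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def has_crlf(url):
    """True if the URL carries a raw or percent-encoded CR or LF."""
    decoded = decode_fully(url)
    return "\r" in decoded or "\n" in decoded

def suspicious_requests(lines, script="index.php"):
    """Return the raw requested URLs for `script` that contain CR/LF."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = match.group("url")
        if script in decode_fully(url) and has_crlf(url):
            hits.append(url)
    return hits

if __name__ == "__main__":
    for url in suspicious_requests(SAMPLE_LOG):
        print("CR/LF in requested URL:", url)
```

A hit shows only that such a request was received; whether the installation was affected depends on the Serendipity version running at the time.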

Solution Description

Upgrade to version 0.7-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.s9y.org/
Vendor Specific Advisory URL
Security Tracker: 1011864
Secunia Advisory ID: 12909
Related OSVDB ID: 11039
Related OSVDB ID: 11038
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0219.html
Bugtraq ID: 11497