| VID |
21317 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpBB installed on the Web server is vulnerable to an HTTP response splitting attack in the privmsg.php and login.php scripts. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. Versions of phpBB prior to 2.0.10 are vulnerable to an HTTP response splitting attack, caused by the application's failure to reject illegal user input, specifically input containing malicious or unexpected CR and LF characters, in the 'privmsg.php' and 'login.php' scripts. By sending a single specially crafted HTTP request, a remote attacker could cause the target web server to return a split response, which is then interpreted by the target user as two HTTP responses instead of one response. If this attack is exploited successfully, a remote user could steal session cookies or gain access to user-specific information that may be sensitive and confidential.
* References:
  http://www.securitytracker.com/alerts/2004/Jul/1010741.html
  http://archives.neohapsis.com/archives/bugtraq/2004-07/0234.html
  http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf
* Platforms Affected: phpBB prior to 2.0.10; any operating system, any version |
| Recommendation |
Upgrade to the latest version of phpBB (2.0.10 or later) from the phpBB Web site at http://www.phpbb.com |
| Related URL |
CVE-2004-2054,CVE-2004-2055 (CVE) |
| Related URL |
10753 (SecurityFocus) |
| Related URL |
16759 (ISS) |
|
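For hosts that cannot be upgraded immediately, web server access logs can be reviewed for requests to the two affected scripts that carry CR or LF characters. The following is an added example, not part of the original advisory or of phpBB: it assumes combined-format access logs, and the log lines, the `/phpBB2/` path and the parameter name `p` are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Scripts named in the advisory.
TARGET_SCRIPTS = ("/privmsg.php", "/login.php")

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF (%250d%250a) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_crlf(target):
    """True if the request target contains a CR or LF after decoding."""
    decoded = decode_fully(target)
    return "\r" in decoded or "\n" in decoded


def suspicious_requests(log_lines):
    """Return (line_number, target) for requests to the affected scripts with CR/LF."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        path = target.split("?", 1)[0].lower()
        if path.endswith(TARGET_SCRIPTS) and has_crlf(target):
            hits.append((number, target))
    return hits


# Constructed sample log lines (not from a real server); names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2004:10:00:00 +0000] "GET /phpBB2/login.php?p=index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Aug/2004:10:00:05 +0000] "GET /phpBB2/login.php?p=a%0d%0aX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Aug/2004:10:00:09 +0000] "GET /phpBB2/privmsg.php?p=a%250D%250AX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Aug/2004:10:00:12 +0000] "GET /phpBB2/viewtopic.php?t=1%0d%0a HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: CR/LF in request to {target}")
```

Access logs record only the request line, so CR/LF submitted in POST bodies will not appear here; a hit indicates an attempt, not a successful split.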