| Field | Value |
| --- | --- |
| VID | 21521 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | Phorum is a PHP-based Web forum package for multiple operating systems. Phorum versions 5.0.14a and earlier are vulnerable to remote HTTP response splitting, caused by improper validation of user-supplied input in the Location response header. A remote attacker can send a specially crafted request to inject malicious code into HTTP headers, which may allow execution of arbitrary HTML and script code in a user's browser session in the context of an affected site.<br>References: http://www.securityfocus.com/archive/1/393953<br>Platforms Affected: Phorum.org, Phorum versions 5.0.14a and earlier; Unix, any version; Linux, any version; Microsoft Windows, any version |
| Recommendation | Upgrade to the latest version of Phorum (5.0.15a or later), available from the Phorum Web site at http://phorum.org/ |
| Related URL | CVE-2005-0843 (CVE) |
| Related URL | 12869 (SecurityFocus) |
| Related URL | (ISS) |