CVE-2004-1470 : CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1

CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.

Published 2004-12-31 05:00:00

Updated 2017-07-11 01:31:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-1470

Snipsnap » Snipsnap » Version: 0.5.2a
cpe:2.3:a:snipsnap:snipsnap:0.5.2a:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-1470

EPSS FAQ

2.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-1470

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2004-1470

Jump to

Vulnerability Details : CVE-2004-1470

Products affected by CVE-2004-1470

Exploit prediction scoring system (EPSS) score for CVE-2004-1470

CVSS scores for CVE-2004-1470

References for CVE-2004-1470