Vulnerability Details : CVE-2004-1687
Potential exploit
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
Products affected by CVE-2004-1687
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*
- cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1687
5.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1687
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2004-1687
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17421
-
http://www.securityfocus.com/bid/11201
Exploit;Patch;Vendor Advisory
-
http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791
Vendor Advisory
-
http://secunia.com/advisories/12590
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=109537195413691&w=2
'ADVISORY: security hole (http response splitting) in snitz forums' - MARC
Jump to