CVE-2005-1951 : Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 a

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

Published 2005-06-16 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-1951

Oscommerce » Oscommerce » Version: 2.1
cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:*
Matching versions
Oscommerce » Oscommerce » Version: 2.2 Ms2
cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*
Matching versions
Oscommerce » Oscommerce » Version: 2.2 Cvs
cpe:2.3:a:oscommerce:oscommerce:2.2_cvs:*:*:*:*:*:*:*
Matching versions
Oscommerce » Oscommerce » Version: 2.2 Ms1
cpe:2.3:a:oscommerce:oscommerce:2.2_ms1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-1951

EPSS FAQ

4.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-1951

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-1951

Jump to

Vulnerability Details : CVE-2005-1951

Products affected by CVE-2005-1951

Exploit prediction scoring system (EPSS) score for CVE-2005-1951

CVSS scores for CVE-2005-1951

References for CVE-2005-1951