CVE-2005-3348 : HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

Published 2005-11-18 02:02:00

Updated 2025-04-03 01:03:51

Source Debian GNU/Linux

View at NVD, CVE.org

Products affected by CVE-2005-3348

Phpsysinfo » Phpsysinfo » Version: 2.0
cpe:2.3:a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:*
Matching versions
Phpsysinfo » Phpsysinfo » Version: 2.1
cpe:2.3:a:phpsysinfo:phpsysinfo:2.1:*:*:*:*:*:*:*
Matching versions
Phpsysinfo » Phpsysinfo » Version: 2.3
cpe:2.3:a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*
Matching versions
Phpsysinfo » Phpsysinfo » Version: 2.4
cpe:2.3:a:phpsysinfo:phpsysinfo:2.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-3348

EPSS FAQ

1.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-3348

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2005-3348

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2005-3348

http://secunia.com/advisories/17698

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/archive/1/416543

CVEs referencing this url
http://secunia.com/advisories/17584

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/17441

About Secunia Research | Flexera

CVEs referencing this url
http://www.debian.org/security/2005/dsa-897

[SECURITY] [DSA 897-1] New phpsysinfo packages fix several vulnerabilities

CVEs referencing this url
http://www.hardened-php.net/advisory_212005.81.html

Hardened PHP - Hardened-PHP

CVEs referencing this url
http://www.debian.org/security/2005/dsa-899

[SECURITY] [DSA 899-1] New egroupware packages fix several vulnerabilities

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212

Mandriva

CVEs referencing this url
http://www.securityfocus.com/bid/15396

CVEs referencing this url
http://secunia.com/advisories/17570

About Secunia Research | Flexera

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107

phpSysInfo register_globals data manipulation CVE-2005-3347 Vulnerability Report

CVEs referencing this url
http://www.debian.org/security/2005/dsa-898

[SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities
Patch;Vendor Advisory

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml

phpSysInfo: Multiple vulnerabilities (GLSA 200511-18) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/15414

CVEs referencing this url
http://secunia.com/advisories/17643

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/17620

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/17616

About Secunia Research | Flexera

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2005-3348

Products affected by CVE-2005-3348

Exploit prediction scoring system (EPSS) score for CVE-2005-3348

CVSS scores for CVE-2005-3348

CWE ids for CVE-2005-3348

References for CVE-2005-3348