Vulnerability Details : CVE-2006-6965
CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-6965
- cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09:*:*:*:*:*:*:*
- cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09e:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6965
- 0.64%: probability of exploitation activity in the next 30 days
- ~79%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2006-6965
- http://sla.ckers.org/forum/read.php?3,880,1361#msg-1361
  Vendor Advisory
- http://www.securityfocus.com/bid/22236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31930
  DokuWiki fetch.php HTTP response splitting CVE-2006-6965 Vulnerability Report
- http://security.gentoo.org/glsa/glsa-200704-08.xml
  DokuWiki: Cross-site scripting vulnerability (GLSA 200704-08) — Gentoo security
- http://www.vupen.com/english/advisories/2007/0357
  Site under construction