| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-4830 |
|
|
Http R.Spl. |
2005-12-31 |
2018-10-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter. |
|
2 |
CVE-2005-4579 |
|
|
Http R.Spl. |
2005-12-29 |
2017-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form. |
|
3 |
CVE-2005-4521 |
|
|
Http R.Spl. |
2005-12-28 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php. |
|
4 |
CVE-2005-3982 |
|
|
Http R.Spl. |
2005-12-04 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. |
|
5 |
CVE-2005-3791 |
|
|
Http R.Spl. |
2005-11-24 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors. |
|
6 |
CVE-2005-3633 |
|
|
Http R.Spl. |
2005-11-16 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. |
|
7 |
CVE-2005-3621 |
|
|
Http R.Spl. |
2005-11-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. |
|
8 |
CVE-2005-3348 |
352 |
|
Http R.Spl. |
2005-11-18 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. |
|
9 |
CVE-2005-2065 |
|
|
Http R.Spl. |
2005-06-29 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. |
|
10 |
CVE-2005-2060 |
|
|
Http R.Spl. |
2005-06-29 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. |
|
11 |
CVE-2005-1951 |
|
|
Http R.Spl. |
2005-06-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. |
|
12 |
CVE-2005-1405 |
|
|
Http R.Spl. |
2005-05-03 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. |
|
13 |
CVE-2005-1180 |
|
|
Http R.Spl. |
2005-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. |
|
14 |
CVE-2005-0843 |
|
|
Http R.Spl. |
2005-05-02 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. |
|
15 |
CVE-2005-0175 |
|
|
Http R.Spl. |
2005-02-07 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. |
