Signature Detail
Short Name |
HTTP:PHP:PHORUM:RESPONSE-SPLIT |
|---|---|
Severity |
Low |
Recommended |
No |
Category |
HTTP |
Keywords |
Phorum HTTP Response Splitting |
Release Date |
2005/08/12 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Phorum HTTP Response Splitting
This signature detects attempts to exploit a known vulnerability in Phorum. Versions 5.0.14 and earlier are vulnerable. Attackers can send a maliciously crafted URL designed to exploit an input validation. A successful attack can allow the client to alter the way data is represented from the server.
Extended Description
A remote HTTP response splitting vulnerability reportedly affects Phorum. This issue is due to a failure of the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This issue was reported to affect Phorum version 5.0.14a; other versions might also be affected.
Affected Products
- Phorum 3.1.0
- Phorum 3.1.1
- Phorum 3.1.1 a
- Phorum 3.1.1 pre
- Phorum 3.1.1 rc2
- Phorum 3.1.2
- Phorum 3.2.0
- Phorum 3.2.2
- Phorum 3.2.3
- Phorum 3.2.3 a
- Phorum 3.2.3 b
- Phorum 3.2.4
- Phorum 3.2.5
- Phorum 3.2.6
- Phorum 3.2.7
- Phorum 3.2.8
- Phorum 3.3.1
- Phorum 3.3.1 a
- Phorum 3.3.2
- Phorum 3.3.2 a
- Phorum 3.3.2 b3
- Phorum 3.4.0
- Phorum 3.4.1
- Phorum 3.4.2
- Phorum 3.4.3
- Phorum 3.4.4
- Phorum 3.4.5
- Phorum 3.4.6
- Phorum 3.4.7
- Phorum 3.4.8
- Phorum 3.4.8 a
- Phorum 5.0.10
- Phorum 5.0.11
- Phorum 5.0.12
- Phorum 5.0.13
- Phorum 5.0.14
- Phorum 5.0.3 BETA
- Phorum 5.0.7 BETA
- Phorum 5.0.9
References
- BugTraq: 12869
- CVE: CVE-2005-0843
- URL: http://www.security.nnov.ru/Idocument128.html
- URL: http://www.securityfocus.com/archive/1/393953