CRLF injection vulnerability in Serendipity prior to 0.7rc1 allows remote malicious users to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.

| Vulnerable Product |
|---|
| s9y serendipity 0.6_pl3 |
| s9y serendipity 0.6_rc1 |
| s9y serendipity 0.5 |
| s9y serendipity 0.5_pl1 |
| s9y serendipity 0.6 |
| s9y serendipity 0.7_beta2 |
| s9y serendipity 0.7_beta3 |
| s9y serendipity 0.6_pl1 |
| s9y serendipity 0.6_pl2 |
| s9y serendipity 0.7_beta4 |
| s9y serendipity 0.3 |
| s9y serendipity 0.4 |
| s9y serendipity 0.6_rc2 |
| s9y serendipity 0.7_beta1 |