Details of VAR-200505-1169

ID

VAR-200505-1169

CVE

CVE-2005-1180

TITLE

PHP-Nuke HTTP Response split vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-813

DESCRIPTION

HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. PHP-Nuke is prone to a remote security vulnerability. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: PHP-Nuke "forwarder" Parameter HTTP Response Splitting SECUNIA ADVISORY ID: SA14965 VERIFY ADVISORY: http://secunia.com/advisories/14965/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ DESCRIPTION: Diabolic Crab has reported a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "forwarder" parameter is not properly sanitised. This can be exploited to inject malicious characters into HTTP headers and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been confirmed in version 7.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Diabolic Crab ORIGINAL ADVISORY: http://www.digitalparadox.org/advisories/pnuke.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-1180 // BID: 90134 // VULHUB: VHN-12389 // PACKETSTORM: 37347

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.6	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.5	Trust: 0.3

sources: BID: 90134 // CNNVD: CNNVD-200505-813 // NVD: CVE-2005-1180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1180
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200505-813
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-12389
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-1180
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12389
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12389 // CNNVD: CNNVD-200505-813 // NVD: CVE-2005-1180

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-813

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200505-813

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1180	Trust: 2.0
db:	SECUNIA	id:	14965	Trust: 1.8
db:	OSVDB	id:	15647	Trust: 1.7
db:	XF	id:	20116	Trust: 0.9
db:	CNNVD	id:	CNNVD-200505-813	Trust: 0.7
db:	BUGTRAQ	id:	20050415 HTTP RESPONSE SPLITTING VULNERABILITY IN PHP-NUKE 7.6 AND BELOW	Trust: 0.6
db:	BID	id:	90134	Trust: 0.4
db:	VULHUB	id:	VHN-12389	Trust: 0.1
db:	PACKETSTORM	id:	37347	Trust: 0.1

sources: VULHUB: VHN-12389 // BID: 90134 // PACKETSTORM: 37347 // CNNVD: CNNVD-200505-813 // NVD: CVE-2005-1180

REFERENCES

url:	http://www.digitalparadox.org/advisories/pnuke.txt	Trust: 2.1
url:	http://www.osvdb.org/15647	Trust: 1.7
url:	http://secunia.com/advisories/14965	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/20116	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=111359804013536&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=111359804013536&w=2	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/20116	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=111359804013536&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/14965/	Trust: 0.1
url:	http://secunia.com/product/2385/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-12389 // BID: 90134 // PACKETSTORM: 37347 // CNNVD: CNNVD-200505-813 // NVD: CVE-2005-1180

CREDITS

Unknown

Trust: 0.3

sources: BID: 90134

SOURCES

db:	VULHUB	id:	VHN-12389
db:	BID	id:	90134
db:	PACKETSTORM	id:	37347
db:	CNNVD	id:	CNNVD-200505-813
db:	NVD	id:	CVE-2005-1180

LAST UPDATE DATE

2024-08-14T15:40:53.134000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12389	date:	2017-07-11T00:00:00
db:	BID	id:	90134	date:	2005-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-813	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1180	date:	2017-07-11T01:32:34.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12389	date:	2005-05-02T00:00:00
db:	BID	id:	90134	date:	2005-05-02T00:00:00
db:	PACKETSTORM	id:	37347	date:	2005-05-27T06:06:14
db:	CNNVD	id:	CNNVD-200505-813	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-1180	date:	2005-05-02T04:00:00