CVE-2004-1620
S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-10-21 CVE Published
- 2004-10-21 First Exploit
- 2005-02-20 CVE Reserved
- 2023-06-12 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup | X_refsource_confirm | |
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup | X_refsource_confirm | |
http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup | X_refsource_confirm | |
http://marc.info/?l=bugtraq&m=109841283115808&w=2 | Mailing List | |
http://securitytracker.com/id?1011864 | Vdb Entry | |
http://sourceforge.net/project/shownotes.php?release_id=276694 | X_refsource_confirm | |
http://www.osvdb.org/11013 | Vdb Entry | |
http://www.osvdb.org/11038 | Vdb Entry | |
http://www.osvdb.org/11039 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17798 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/24697 | 2004-10-21 | |
http://secunia.com/advisories/12909 | 2024-08-08 | |
http://www.s9y.org/5.html | 2024-08-08 | |
http://www.securityfocus.com/bid/11497 | 2024-08-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
S9y | Serendipity | 0.3 | - | Affected |
S9y | Serendipity | 0.4 | - | Affected |
S9y | Serendipity | 0.5 | - | Affected |
S9y | Serendipity | 0.5_pl1 | - | Affected |
S9y | Serendipity | 0.6 | - | Affected |
S9y | Serendipity | 0.6_pl1 | - | Affected |
S9y | Serendipity | 0.6_pl2 | - | Affected |
S9y | Serendipity | 0.6_pl3 | - | Affected |
S9y | Serendipity | 0.6_rc1 | - | Affected |
S9y | Serendipity | 0.6_rc2 | - | Affected |
S9y | Serendipity | 0.7_beta1 | - | Affected |
S9y | Serendipity | 0.7_beta2 | - | Affected |
S9y | Serendipity | 0.7_beta3 | - | Affected |
S9y | Serendipity | 0.7_beta4 | - | Affected |