{"api_version":"1","generated_at":"2026-05-14T14:52:20+00:00","cve":"CVE-2004-1687","urls":{"html":"https://cve.report/CVE-2004-1687","api":"https://cve.report/api/cve/CVE-2004-1687.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-1687","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-1687"},"summary":{"title":"CVE-2004-1687","description":"CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-09-16 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17421","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17421","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/12590","name":"http://secunia.com/advisories/12590","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Secunia - Advisories - Snitz Forums 2000 HTTP Response Splitting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=109537195413691&w=2","name":"http://marc.info/?l=bugtraq&m=109537195413691&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'ADVISORY: security hole (http response splitting) in snitz forums' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791","name":"http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"404 Page Not Found","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/11201","name":"http://www.securityfocus.com/bid/11201","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"Snitz Forums Down.ASP HTTP Response Splitting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-1687","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-1687","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.1","cpe7":"sr4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.3.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.3.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.3.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.4.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.4.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1687","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"snitz_communications","cpe5":"snitz_forums_2000","cpe6":"3.4.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:00:37.130Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"12590","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/12590"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791"},{"name":"20040916 ADVISORY: security hole (http response splitting) in snitz forums","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=109537195413691&w=2"},{"name":"11201","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/11201"},{"name":"snitz-response-splitting(17421)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17421"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-09-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"12590","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/12590"},{"tags":["x_refsource_CONFIRM"],"url":"http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791"},{"name":"20040916 ADVISORY: security hole (http response splitting) in snitz forums","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=109537195413691&w=2"},{"name":"11201","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/11201"},{"name":"snitz-response-splitting(17421)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17421"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-1687","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"12590","refsource":"SECUNIA","url":"http://secunia.com/advisories/12590"},{"name":"http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791","refsource":"CONFIRM","url":"http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791"},{"name":"20040916 ADVISORY: security hole (http response splitting) in snitz forums","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=109537195413691&w=2"},{"name":"11201","refsource":"BID","url":"http://www.securityfocus.com/bid/11201"},{"name":"snitz-response-splitting(17421)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17421"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-1687","datePublished":"2005-02-20T05:00:00.000Z","dateReserved":"2005-02-21T00:00:00.000Z","dateUpdated":"2024-08-08T01:00:37.130Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-09-16 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*","matchCriteriaId":"EBAEA3C3-D65B-47B6-9A1B-CE18F7C86771"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*","matchCriteriaId":"AEBCC803-6F31-4CA5-B8AF-42AA370E0CF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*","matchCriteriaId":"7CB43A6B-03DE-4D60-AB41-87E419F82582"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*","matchCriteriaId":"3D54E309-5D2F-4C3C-835B-7653D86E25F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*","matchCriteriaId":"4027A962-81FD-472F-80CD-B1C3BABF3555"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*","matchCriteriaId":"C4396E99-B5C8-4914-A3DB-76E22A10AE84"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*","matchCriteriaId":"0D89B42F-7738-47EE-871A-FE16C53BCD81"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*","matchCriteriaId":"FD4EF4E8-F8A9-40C4-9F89-8C64A8CF2625"},{"vulnerable":true,"criteria":"cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*","matchCriteriaId":"A31D3D44-EC0B-4502-A1FA-3AE2BF4D4254"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"1687","Ordinal":"1","Title":"CVE-2004-1687","CVE":"CVE-2004-1687","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"1687","Ordinal":"1","NoteData":"CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.","Type":"Description","Title":"CVE-2004-1687"},{"CveYear":"2004","CveId":"1687","Ordinal":"2","NoteData":"2005-02-20","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"1687","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}