BID:12869

Phorum HTTP Response Splitting Vulnerability

Info

Phorum HTTP Response Splitting Vulnerability

Bugtraq ID:	12869
Class:	Input Validation Error
CVE:	CVE-2005-0843
Remote:	Yes
Local:	No
Published:	Mar 22 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery of this vulnerability is credited to Alexander Anisimov <[email protected]>.
Vulnerable:	Phorum Phorum 5.0.13 Phorum Phorum 5.0.12 Phorum Phorum 5.0.11 Phorum Phorum 5.0.10 Phorum Phorum 5.0.9 Phorum Phorum 5.0.7 BETA Phorum Phorum 5.0.3 BETA Phorum Phorum 3.4.8 a Phorum Phorum 3.4.8 Phorum Phorum 3.4.7 Phorum Phorum 3.4.6 Phorum Phorum 3.4.5 Phorum Phorum 3.4.4 Phorum Phorum 3.4.3 Phorum Phorum 3.4.2 Phorum Phorum 3.4.1 Phorum Phorum 3.4 Phorum Phorum 3.3.2 b3 Phorum Phorum 3.3.2 a Phorum Phorum 3.3.2 Phorum Phorum 3.3.1 a Phorum Phorum 3.3.1 Phorum Phorum 3.2.8 Phorum Phorum 3.2.7 Phorum Phorum 3.2.6 Phorum Phorum 3.2.5 Phorum Phorum 3.2.4 Phorum Phorum 3.2.3 b Phorum Phorum 3.2.3 a Phorum Phorum 3.2.3 Phorum Phorum 3.2.2 Phorum Phorum 3.2 Phorum Phorum 3.1.2 Phorum Phorum 3.1.1 rc2 Phorum Phorum 3.1.1 pre Phorum Phorum 3.1.1 a Phorum Phorum 3.1.1 Phorum Phorum 3.1 Phorum Phorum 5.0.14

Not Vulnerable:	Phorum Phorum 5.0.15a

Discussion

Phorum HTTP Response Splitting Vulnerability

A remote HTTP response splitting vulnerability reportedly affects Phorum. This issue is due to a failure of the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted.

This issue was reported to affect Phorum version 5.0.14a; other versions might also be affected.

Exploit / POC

Phorum HTTP Response Splitting Vulnerability

The following example is available:

http://www.example.com/phorum5/search.php?forum_id=0&search=1&body=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2
034%0d%0a%0d%0a<html>Scanned by PTsecurity</html>%0d%0a&author=1&subject=1&match_forum=ALL&match_type=ALL&match_dates=30

Solution / Fix

Phorum HTTP Response Splitting Vulnerability

Solution:
The vendor has released an update to address this vulnerability.

Phorum Phorum 5.0.14

Phorum phorum-5.0.15a.tar.gz
http://phorum.org/downloads/phorum-5.0.15a.tar.gz

References

Phorum HTTP Response Splitting Vulnerability

References:

Phorum Homepage (Phorum)
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerabi (Alexander Anisimov )