DokuWiki Fetch.PHP HTTP Response Splitting Vulnerability

Bugtraq ID:	22236
Class:	Input Validation Error
CVE:	CVE-2006-6965
Remote:	Yes
Local:	No
Published:	Jan 25 2007 12:00AM
Updated:	Apr 12 2007 06:31PM
Credit:	unsticky is credited with the discovery of this vulnerability.
Vulnerable:	Gentoo Linux DokuWiki DokuWiki 2006.6.4 DokuWiki DokuWiki 2006.3.9 DokuWiki DokuWiki 2006.3.5 DokuWiki DokuWiki 2006.03.09e DokuWiki DokuWiki 2006.03.09b
Not Vulnerable:	DokuWiki DokuWiki 2006.11.6

DokuWiki Fetch.PHP HTTP Response Splitting Vulnerability

DokuWIki is prone to an HTTP-response-splitting vulnerability because the application fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

This issue affects version 2006.03.09e; other versions may also be vulnerable.

DokuWiki Fetch.PHP HTTP Response Splitting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI .

DokuWiki Fetch.PHP HTTP Response Splitting Vulnerability

Solution:
Please see the referenced advisories for further information.

DokuWiki Fetch.PHP HTTP Response Splitting Vulnerability

References:

• DokuWiki Web Site (DokuWiki)