Drake CMS Index.PHP HTTP Response Splitting Vulnerability
BID:23851
Info
Drake CMS Index.PHP HTTP Response Splitting Vulnerability
| Bugtraq ID: | 23851 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2618 |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2007 12:00AM |
| Updated: | Dec 18 2007 08:06PM |
| Credit: | John Martinelli is credited with the discovery of this vulnerability. |
| Vulnerable: |
Drake CMS Drake CMS 0.4 Drake CMS Drake CMS 0.3.9 Drake CMS Drake CMS 0.3.8 Beta Drake CMS Drake CMS 0.3.7 Beta Drake CMS Drake CMS 0.3.7 Drake CMS Drake CMS 0.3.6 Drake CMS Drake CMS 0.3.5 Drake CMS Drake CMS 0.4.0B Drake CMS Drake CMS 0.3.4B |
| Not Vulnerable: |
Drake CMS Drake CMS 0.4.1 |
Discussion
Drake CMS Index.PHP HTTP Response Splitting Vulnerability
Drake CMS is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
This issue affects Drake CMS 0.3.4B to 0.4.0B.
Drake CMS is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
This issue affects Drake CMS 0.3.4B to 0.4.0B.
Exploit / POC
Drake CMS Index.PHP HTTP Response Splitting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Drake CMS Index.PHP HTTP Response Splitting Vulnerability
Solution:
The vendor released Drake CMS 0.4.1 to address this issue. Please see the references for more information.
Drake CMS Drake CMS 0.3.4B
Drake CMS Drake CMS 0.3.5
Drake CMS Drake CMS 0.3.6
Drake CMS Drake CMS 0.3.7 Beta
Drake CMS Drake CMS 0.3.7
Drake CMS Drake CMS 0.3.8 Beta
Drake CMS Drake CMS 0.3.9
Drake CMS Drake CMS 0.4
Solution:
The vendor released Drake CMS 0.4.1 to address this issue. Please see the references for more information.
Drake CMS Drake CMS 0.3.4B
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.3.5
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.3.6
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.3.7 Beta
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.3.7
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.3.8 Beta
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.3.9
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
Drake CMS Drake CMS 0.4
-
Cuyahoga drakecms_0.4.9_RC5_r5075.7z
http://downloads.sourceforge.net/drakecms/drakecms_0.4.9_RC5_r5075.7z? modtime=1196706442&big_mirror=0
References
Drake CMS Index.PHP HTTP Response Splitting Vulnerability
References:
References: