Required CVE Record Information
Description
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
References 7 Total
- http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358
- http://retrogod.altervista.org/bitweaver_13_xpl.html
- osvdb.org: 26590 vdb-entry
- http://www.bitweaver.org/articles/45
- securityreason.com: 1115 third-party-advisory
- exchange.xforce.ibmcloud.com: bitweaver-crlf-header-injection(27348) vdb-entry
- securityfocus.com: 20060617 bitweaver <= v1.3 multiple vulnerabilities mailing-list
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358 x_transferred
- http://retrogod.altervista.org/bitweaver_13_xpl.html x_transferred
- osvdb.org: 26590 vdb-entry x_transferred
- http://www.bitweaver.org/articles/45 x_transferred
- securityreason.com: 1115 third-party-advisory x_transferred
- exchange.xforce.ibmcloud.com: bitweaver-crlf-header-injection(27348) vdb-entry x_transferred
- securityfocus.com: 20060617 bitweaver <= v1.3 multiple vulnerabilities mailing-list x_transferred