Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2005-2060 | First vendor Publication | 2005-06-29 |
Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2060 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-34 | HTTP Response Splitting |
CAPEC-63 | Simple Script Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17520 | UBB.threads showprofile.php Cat Variable HTTP Response Splitting UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'showprofile.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17519 | UBB.threads togglecats.php Cat Variable HTTP Response Splitting UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'togglecats.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17518 | UBB.threads toggleshow.php Cat Variable HTTP Response Splitting UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'toggleshow.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-04-20 | Name : The remote web server contains a PHP application that is affected by numerous... File : ubbthreads_printthread_sql_injection.nasl - Type : ACT_MIXED_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:22:04 |
|
2024-11-28 12:07:12 |
|
2021-05-04 12:03:02 |
|
2021-04-22 01:03:18 |
|
2020-05-23 00:16:39 |
|
2016-10-18 12:01:43 |
|
2014-02-17 10:31:54 |
|
2013-05-11 11:27:51 |
|