CVE-2004-1470

CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=109518773223511&w=2
http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml	Patch
http://www.securityfocus.com/bid/11180	Exploit Patch
http://www.snipsnap.org/space/start
https://exchange.xforce.ibmcloud.com/vulnerabilities/17364
http://marc.info/?l=bugtraq&m=109518773223511&w=2
http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml	Patch
http://www.securityfocus.com/bid/11180	Exploit Patch
http://www.snipsnap.org/space/start
https://exchange.xforce.ibmcloud.com/vulnerabilities/17364

Configurations

Configuration 1 (hide)

cpe:2.3:a:snipsnap:snipsnap:0.5.2a:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1470

Mitre link : CVE-2004-1470

CVE.ORG link : CVE-2004-1470

JSON object : View

Products Affected

snipsnap

snipsnap

CWE

NVD-CWE-Other

{"id": "CVE-2004-1470", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109518773223511&w=2", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11180", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.snipsnap.org/space/start", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17364", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109518773223511&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11180", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.snipsnap.org/space/start", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17364", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snipsnap:snipsnap:0.5.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F8F25A9-E2D2-4781-89C3-AF61C22167DD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}