NuytsTech Security

CVE-2004-2512

by ·

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.

Date published : 2005-10-25

http://www.securityfocus.com/bid/11340

http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html

Tags: