CVE-2004-1584 : Detail

CVE-2004-1584

3.44%V3
Network
2005-02-20
04h00 +00:00
2017-07-10
12h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 570

Publication date : 2004-10-09 22h00 +00:00
Author : Tenable NS
EDB Verified : Yes

# # This script is (C) Tenable Network Security # # if(description) { script_id(15443); script_bugtraq_id(11348); script_version ("$Revision: 1.1 $"); name["english"] = "WordPress HTTP Splitting Vulnerability"; script_name(english:name["english"]); desc["english"] = " The remote host is running WordPress BLOG, a web blog manager written in PHP. The remote version of this software is vulnerable to an HTTP-splitting attack wherein an attacker can insert CR LF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header which was supplied by the attacker. Solution : Upgrade to the latest version of this software Risk factor : Medium"; script_description(english:desc["english"]); summary["english"] = "Checks for the presence of WordPress"; script_summary(english:summary["english"]); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security", francais:"Ce script est Copyright (C) 2004 Tenable Network Security"); family["english"] = "CGI abuses"; family["francais"] = "Abus de CGI"; script_family(english:family["english"], francais:family["francais"]); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80); if(!get_port_state(port))exit(0); if(!can_host_php(port:port))exit(0); # The actual attack requires credentials -> do a banner check function check(loc) { res = http_keepalive_send_recv(port:port, data:http_get(item:loc + "/index.php", port:port)); if ( res == NULL ) exit(0); res = str_replace(find:'\n', replace:'', string:res); res = str_replace(find:'\r', replace:'', string:res); if ( "WordPress" >< res && egrep(pattern:'<meta name="generator" content="WordPress (0\\.|1\\.([01]|2"))', string:res)) { security_warning(port); exit(0); } } foreach dir ( cgi_dirs() ) { check(loc:dir); } # milw0rm.com [2004-10-10]

Products Mentioned

Configuraton 0

Wordpress>>Wordpress >> Version 1.2

References

http://marc.info/?l=bugtraq&m=109716327724041&w=2
Tags : mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/11348
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/12773
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200410-12.xml
Tags : vendor-advisory, x_refsource_GENTOO