CVE-2004-1620

{"id": "CVE-2004-1620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-10-21T04:00:00.000", "references": [{"url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup", "source": "cve@mitre.org"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup", "source": "cve@mitre.org"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109841283115808&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12909/", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011864", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=276694", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11013", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11038", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11039", "source": "cve@mitre.org"}, {"url": "http://www.s9y.org/5.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11497", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php."}], "lastModified": "2017-07-11T01:31:11.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7"}, {"criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}