CVE-2004-1516 | Vulnerability Database | Aqua Security

CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.

Affected Software

Name	Vendor	Start Version	End Version
Phpwebsite	Phpwebsite	0.7.3 (including)	0.7.3 (including)
Phpwebsite	Phpwebsite	0.8.2 (including)	0.8.2 (including)
Phpwebsite	Phpwebsite	0.8.3 (including)	0.8.3 (including)
Phpwebsite	Phpwebsite	0.9.3 (including)	0.9.3 (including)
Phpwebsite	Phpwebsite	0.9.3.1 (including)	0.9.3.1 (including)
Phpwebsite	Phpwebsite	0.9.3.2 (including)	0.9.3.2 (including)
Phpwebsite	Phpwebsite	0.9.3.3 (including)	0.9.3.3 (including)
Phpwebsite	Phpwebsite	0.9.3.4 (including)	0.9.3.4 (including)

References

http://marc.info/?l=bugtraq\u0026m=110022027420583\u0026w=2
http://phpwebsite.appstate.edu/index.php?module=announce\u0026ANN_id=863\u0026ANN_user_op=view
http://secunia.com/advisories/13172/
http://security.gentoo.org/glsa/glsa-200411-35.xml
http://www.securityfocus.com/bid/11673
https://exchange.xforce.ibmcloud.com/vulnerabilities/18046

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1516
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html