CVE-2005-3348

Name: CVE-2005-3348
Description: HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-897-1, DSA-898-1, DSA-899-1
Debian Bugs: 339079

Vulnerable and fixed packages

The table below lists information on source packages.

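| Source Package | Release | Version | Status |
|---|---|---|---|
| phpsysinfo (PTS) | bullseye | 3.2.5-3 | fixed |
| phpsysinfo (PTS) | bookworm | 3.4.2-3 | fixed |
| phpsysinfo (PTS) | sid, trixie | 3.4.3-3 | fixed |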

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | sarge | 1.0.0.007-2.dfsg-2sarge4 | | DSA-899-1 | |
| egroupware | source | (unstable) | 1.0.0.009.dfsg-3-3 | | | |
| phpgroupware | source | woody | 0.9.14-0.RC3.2.woody5 | | DSA-898-1 | |
| phpgroupware | source | sarge | 0.9.16.005-3.sarge4 | | DSA-898-1 | |
| phpgroupware | source | (unstable) | 0.9.16.008-2 | | | |
| phpsysinfo | source | woody | 2.0-3woody3 | | DSA-897-1 | |
| phpsysinfo | source | sarge | 2.3-4sarge1 | | DSA-897-1 | |
| phpsysinfo | source | (unstable) | 2.3-7 | | | 339079 |
