CVE-2005-3348

Name: CVE-2005-3348
Description: HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-897-1, DSA-898-1, DSA-899-1
NVD severity: medium (attack range: remote, user-initiated)
Debian Bugs: 339079
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

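| Source Package | Release | Version | Status |
|---|---|---|---|
| phpsysinfo (PTS) | squeeze | 3.0~rc6-1.1 | fixed |
| phpsysinfo (PTS) | stretch, jessie, wheezy | 3.0.17-1 | fixed |
| phpsysinfo (PTS) | sid | 3.2.1-1 | fixed |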

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | (unstable) | 1.0.0.009.dfsg-3-3 | medium | | |
| egroupware | source | sarge | 1.0.0.007-2.dfsg-2sarge4 | medium | DSA-899-1 | |
| phpgroupware | source | (unstable) | 0.9.16.008-2 | medium | | |
| phpgroupware | source | sarge | 0.9.16.005-3.sarge4 | medium | DSA-898-1 | |
| phpgroupware | source | woody | 0.9.14-0.RC3.2.woody5 | medium | DSA-898-1 | |
| phpsysinfo | source | (unstable) | 2.3-7 | medium | | 339079 |
| phpsysinfo | source | sarge | 2.3-4sarge1 | medium | DSA-897-1 | |
| phpsysinfo | source | woody | 2.0-3woody3 | medium | DSA-897-1 | |
