CVE-2005-3348

phpSysInfo 2.4 - HTTP Response Splitting via Charset Parameter

Title source: llm
STIX 2.1

Description

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

References (17)

Core 17
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17616
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15396
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15414
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17698
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-898
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17441
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416543
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-897
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17620
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17584
Various Sources x_refsource_misc
http://www.hardened-php.net/advisory_212005.81.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17570
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-899
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17643
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107

Scores

EPSS 0.0198
EPSS Percentile 78.1%

Details

CWE
CWE-352
Status published
Products (4)
phpsysinfo/phpsysinfo 2.0
phpsysinfo/phpsysinfo 2.1
phpsysinfo/phpsysinfo 2.3
phpsysinfo/phpsysinfo 2.4
Published Nov 18, 2005
Tracked Since Feb 18, 2026