CVE-2006-3105

Bitweaver 1.3 - HTTP Response Splitting

Title source: llm

Description

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1918

View Code ZIP pw:eip

References (7)

[Exploit] http://retrogod.altervista.org/bitweaver_13_xpl.html

[Product] http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358

[Various Sources] http://www.bitweaver.org/articles/45

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/437491/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27348

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26590

[Third Party Advisory] http://securityreason.com/securityalert/1115

Scores

EPSS 0.0408

EPSS Percentile 88.6%

Details

Status published

Products (1)

bitweaver/bitweaver 1.3

Published Jun 21, 2006

Tracked Since Feb 18, 2026