phpWebSite: HTTP response splitting vulnerability — GLSA 200411-35

phpWebSite is vulnerable to possible HTTP response splitting attacks.

Affected packages

Package: www-apps/phpwebsite on all architectures
Affected versions: < 0.9.3_p4-r2
Unaffected versions: >= 0.9.3_p4-r2

Background

phpWebSite is a web site content management system.

Description

Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks.

Impact

A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.

Workaround

There is no known workaround at this time.

Resolution

All phpWebSite users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2"

References

Release date
November 26, 2004

Latest revision
May 22, 2006: 03

Severity
low

Exploitable
remote

Bugzilla entries