CVE-2006-6965

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

Published: Jan 29, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-6965
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
andreas_gohr / dokuwiki	release_2006-03-09	release_2006-03-09.x
andreas_gohr / dokuwiki	release_2006-03-09e	release_2006-03-09e.x

http://osvdb.org/31620
http://secunia.com/advisories/23926
http://secunia.com/advisories/24853
http://security.gentoo.org/glsa/glsa-200704-08.xml
http://sla.ckers.org/forum/read.php?3,880,1361#msg-1361
http://sla.ckers.org/forum/read.php?3%2C880%2C1361#msg-1361
http://www.securityfocus.com/bid/22236
http://www.vupen.com/english/advisories/2007/0357
https://exchange.xforce.ibmcloud.com/vulnerabilities/31930

Vulnerability Database

289,697

CVE-2006-6965