1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200411-35 / phpwebsite |
| Release Date | November 26, 2004 |
| Latest Revision | May 22, 2006: 03 |
| Impact | low |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| www-apps/phpwebsite | < 0.9.3_p4-r2 | >= 0.9.3_p4-r2 | All supported architectures |
Related bugreports: #71502
phpWebSite is vulnerable to possible HTTP response splitting attacks.
phpWebSite is a web site content management system.
Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks.
A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
There is no known workaround at this time.
All phpWebSite users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.9.3_p4-r2" |