Vulnerability Name:

CVE-2004-1584 (CCN-17649)

Assigned:2004-10-06
Published:2004-10-06
Updated:2017-07-11
Summary:CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Wed Oct 06 2004 - 18:41:02 CDT
HTTP Response Splitting Vulnerability in Wordpress 1.2

Source: MITRE
Type: CNA
CVE-2004-1584

Source: BUGTRAQ
Type: UNKNOWN
20041006 HTTP Response Splitting Vulnerability in Wordpress 1.2

Source: CCN
Type: SA12773
Wordpress "wp-login.php" HTTP Response Splitting Vulnerability

Source: SECUNIA
Type: Patch
12773

Source: CCN
Type: WordPress Web site
WordPress

Source: CONFIRM
Type: Patch
http://wordpress.org/development/2004/10/wp-121/

Source: CCN
Type: GLSA-200410-12
WordPress: HTTP response splitting and XSS vulnerabilities

Source: GENTOO
Type: Patch
GLSA-200410-12

Source: CCN
Type: OSVDB ID: 10595
WordPress wp-login.php HTTP Response Splitting

Source: BID
Type: Exploit, Patch
11348

Source: CCN
Type: BID-11348
Wordpress Wp-login.PHP HTTP Response Splitting Vulnerability

Source: XF
Type: UNKNOWN
wordpress-response-splitting(17649)

Source: XF
Type: UNKNOWN
wordpress-response-splitting(17649)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wordpress:wordpress:1.2:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:wordpress:wordpress:1.2:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    wordpress wordpress 1.2
    wordpress wordpress 1.2
    gentoo linux *