Summary
WebCollab is installed on this host and is prone to an HTTP response splitting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTTP headers, which will be included in a response sent to the user.
Impact Level: Application
Solution
Upgrade to WebCollab 3.31 or later.
For updates, refer to http://webcollab.sourceforge.net
Insight
Input passed via the 'item' GET parameter to help/help_language.php is not properly sanitised before being returned to the user.
Affected
WebCollab versions 3.30 and prior.
Detection
Send a crafted string via an HTTP GET request and check whether the injected data appears in the response headers.
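A passive complement to the active check, added here as an example and not part of the original entry: scan web server access logs for requests to help/help_language.php whose 'item' parameter carries CR or LF, including double-encoded forms. The log format, the /webcollab/ install path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (install path and values are assumptions).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2013:10:01:02 +0000] '
    '"GET /webcollab/help/help_language.php?item=index HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/May/2013:10:03:44 +0000] '
    '"GET /webcollab/help/help_language.php?item=index%0d%0aX-Test:%20constructed HTTP/1.1" 200 0',
    '203.0.113.9 - - [12/May/2013:10:03:50 +0000] '
    '"GET /webcollab/help/help_language.php?item=index%250D%250AX-Test:%20constructed HTTP/1.1" 200 0',
    '198.51.100.4 - - [12/May/2013:10:05:00 +0000] '
    '"GET /webcollab/tasks.php?item=a%0d%0ab HTTP/1.1" 200 10',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "help/help_language.php"   # script named in the Insight section
TARGET_PARAM = "item"                      # parameter named in the Insight section
MAX_DECODE_ROUNDS = 3                      # bound on nested percent-encoding


def has_crlf(value):
    """True if value contains CR or LF, directly or after repeated URL-decoding."""
    for _ in range(MAX_DECODE_ROUNDS):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:          # nothing left to decode
            return False
        value = decoded
    return "\r" in value or "\n" in value


def suspicious_requests(lines):
    """Return log lines that put CR/LF into 'item' on help_language.php."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET_SCRIPT):
            continue
        # parse_qsl already percent-decodes each value once.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == TARGET_PARAM and has_crlf(value):
                hits.append(line)
                break
    return hits
```
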
Classification
CVE: CVE-2013-2652
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N