GLSA-200409-23 : SnipSnap: HTTP response splitting

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200409-23
(SnipSnap: HTTP response splitting)

SnipSnap contains various HTTP response splitting vulnerabilities that
could potentially compromise the site's data. Some of these attacks
include web cache poisoning, cross-user defacement, hijacking pages
with sensitive user information, and cross-site scripting. This
vulnerability is due to the lack of illegal input checking in the

Impact :

A malicious user could inject and execute arbitrary script code,
potentially compromising the victim's data or browser.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All SnipSnap users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=dev-java/snipsnap-bin-1.0_beta1'
# emerge '>=dev-java/snipsnap-bin-1.0_beta1'

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14774 (gentoo_GLSA-200409-23.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1470