CVE-2006-3105

medium

Description

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27348

http://www.securityfocus.com/archive/1/437491/100/0/threaded

http://www.osvdb.org/26590

http://www.bitweaver.org/articles/45

http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358

http://securityreason.com/securityalert/1115

Details

Source: Mitre, NVD

Published: 2006-06-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02909