GLSA-200411-35 : phpWebSite: HTTP response splitting vulnerability
Medium Nessus Plugin ID 15837
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200411-35 (phpWebSite: HTTP response splitting vulnerability)
Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks.
A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.
There is no known workaround at this time.
SolutionAll phpWebSite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/phpwebsite-0.9.3_p4-r2'