Snitz Forum < 3.4.05 HTTP Response Splitting
Medium Nessus Network Monitor Plugin ID 2302
SynopsisThe remote host is vulnerable to an HTTP 'response splitting' vulnerability.
DescriptionThe remote host appears to be running Snitz Forum, a web forum application implemented in ASP. It is reported that versions of Snitz Forum prior 3.4.0.04 are prone to a HTTP response splitting vulnerability. An attacker may influence how the website is served, cached and interpreted by the means of a malformed link to the web site that would alter the server HTTP headers.
SolutionUpgrade to Snitz Forum 3.4.05 or higher.