Snitz Forum < 3.4.05 HTTP Response Splitting

Medium Nessus Network Monitor Plugin ID 2302


The remote host is vulnerable to an HTTP 'response splitting' vulnerability.


The remote host appears to be running Snitz Forum, a web forum application implemented in ASP. It is reported that versions of Snitz Forum prior are prone to a HTTP response splitting vulnerability. An attacker may influence how the website is served, cached and interpreted by the means of a malformed link to the web site that would alter the server HTTP headers.


Upgrade to Snitz Forum 3.4.05 or higher.

Plugin Details

Severity: Medium

ID: 2302

Family: CGI

Published: 2004/09/21

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2004-1687

BID: 11201