WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

medium Nessus Network Monitor Plugin ID 2356

Synopsis

The remote WordPress server is vulnerable to a HTTP 'splitting' attack.

Description

Versions of WordPress prior to 1.2.1 are vulnerable to an HTTP-splitting attack where an attacker can insert CRLF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header that was supplied by the attacker.

Solution

Upgrade to version 1.2.1 or higher.

Plugin Details

Severity: Medium

ID: 2356

Family: CGI

Published: 10/7/2004

Updated: 3/6/2019

Nessus ID: 15443

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Reference Information

CVE: CVE-2004-1584

BID: 11348

Detections

Analytics

WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

medium Nessus Network Monitor Plugin ID 2356

Synopsis

Description

Solution

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information