phpPGAds/phpAdNew < 2.0.2 HTTP Response Splitting

Medium Nessus Network Monitor Plugin ID 2575

Synopsis

The remote host is vulnerable to an HTTP response splitting attack.

Description

There is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner management and tracking system written in PHP. This version of phpAdNew/phpPgAds is vulnerable to HTTP response splitting. An attacker exploiting this flaw would be able to redirect users to another site to steal their credentials.

Solution

Upgrade to version 2.0.2 or higher.

Plugin Details

Severity: Medium

ID: 2575

Family: Web Servers

Published: 2005/01/29

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 16276

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

BID: 12398