phpPGAds/phpAdNew < 2.0.2 HTTP Response Splitting

low Nessus Network Monitor Plugin ID 2575

Synopsis

The remote host is vulnerable to an HTTP response splitting attack.

Description

There is a flaw in the remote phpAdNew/phpPgAds PHP Ads server, a banner management and tracking system written in PHP. This version of phpAdNew/phpPgAds is vulnerable to HTTP response splitting. An attacker exploiting this flaw would be able to redirect users to another site to steal their credentials.

Solution

Upgrade to version 2.0.2 or higher.

Plugin Details

Severity: Low

ID: 2575

Family: Web Servers

Published: 1/29/2005

Updated: 3/6/2019

Nessus ID: 16276

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Reference Information

BID: 12398