CVE Vulnerability

CVE-2007-2046

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://forum.openads.org/index.php?showtopic=503413399&pid=39136 Patch
http://sourceforge.net/forum/forum.php?forum_id=685278
http://sourceforge.net/project/shownotes.php?release_id=500343
http://secunia.com/advisories/24876 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/1364
Configurations

Configuration 1

cpe:2.3:a:openads:openads:*:*:*:*:*:*:*:*
cpe:2.3:a:openads:openads:*:*:postgresql:*:*:*:*:*
Information

Published : 2007-04-16 10:19

Updated : 2011-03-08 02:53

NVD link : CVE-2007-2046

Mitre link : CVE-2007-2046

Products Affected
No products.
CWE
NVD-CWE-Other