CVE-2005-0843 in Phoruminfo

Summary

by MITRE

CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 09/14/2025

The CVE-2005-0843 vulnerability represents a critical HTTP response splitting flaw discovered in Phorum version 5.0.14a, specifically within the search.php script. This vulnerability stems from inadequate input validation and sanitization of user-supplied data, particularly the body parameter that gets incorporated into HTTP response headers. The flaw enables malicious actors to inject malicious content into HTTP responses, potentially allowing them to manipulate web application behavior and compromise user sessions. The vulnerability operates at the application layer and specifically targets the HTTP protocol implementation within the web application framework.

The technical mechanism of this CRLF injection vulnerability exploits the absence of proper sanitization for carriage return and line feed characters within the body parameter processing. When an attacker submits malicious input containing CRLF sequences, these characters are not properly escaped or filtered before being included in the Location header of the HTTP response. This creates an opportunity for attackers to inject additional HTTP headers or manipulate the response structure. The vulnerability specifically affects the Location header, which is commonly used for redirects, making it particularly dangerous as it can be leveraged to perform open redirect attacks or inject malicious content into web responses.

The operational impact of this vulnerability extends beyond simple data manipulation, as it enables sophisticated attack vectors that can compromise user security and application integrity. Attackers can exploit this flaw to perform session hijacking, redirect users to malicious websites, inject malicious content into responses, or even create persistent cross-site scripting opportunities. The vulnerability affects the core functionality of the web application's redirect mechanism, potentially allowing unauthorized access to sensitive resources or manipulation of user navigation paths. This type of vulnerability is particularly concerning in web applications where user input directly influences response headers, as it can lead to complete compromise of the application's security posture.

This vulnerability aligns with CWE-113, which specifically addresses "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", and corresponds to ATT&CK technique T1190, "Exploit Public-Facing Application". The flaw demonstrates the classic pattern of insufficient input validation in web applications that process user-supplied data for inclusion in HTTP response headers. Security practitioners should note that this vulnerability represents a fundamental weakness in the application's security architecture, particularly in how it handles user input and HTTP response construction. The remediation approach requires implementing proper input sanitization and validation for all user-supplied data that gets incorporated into HTTP headers, along with ensuring that CRLF characters are properly escaped or filtered. Organizations should also consider implementing web application firewalls and input validation mechanisms to detect and prevent such attacks. The vulnerability underscores the importance of following secure coding practices and adhering to the principle of least privilege when handling user input in web applications, particularly those that generate HTTP responses with dynamic content.

Reservation

03/24/2005

Disclosure

05/02/2005

Moderation

accepted

Entry

VDB-24662

CPE

ready

Exploit

Download

EPSS

0.03903

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!