Re: ADVISORY: security hole (http response splitting) in snitz forums 2000

From: Harold Lines (hlines_at_apsc.com)
Date: 01/25/05

    Date: 25 Jan 2005 16:37:02 -0000
    To: bugtraq@securityfocus.com
    
    
    In-Reply-To: <20040916150024.04B7BE5BC9@ws7-2.us4.outblaze.com>

    The bug fix was posted on the Snitz message boards on 20 September 2004:

    http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791

    "to fix this issue, simply remove the following line from down.asp (approx line 76)

    if request.form("location") <> "" then response.redirect(request.form("location"))

    it is not required."

    Snitz Forums 2000 Version 3.4.05 was released on 29 September 2004 and incorporated the bug fix:

    http://forum.snitz.com/forum/topic.asp?TOPIC_ID=54957

    >Vendor status: vendor contacted several times (email to support@ and to the contact email in the code). No response from vendor.

    Note on this page:

    http://forum.snitz.com/support.asp

    "Please do not send support requests by e-mail. Due to the huge increase in support requests we can't answer those anymore. But you'll notice that your question, if posted in the support forums, will be answered prompt."

    There is a "DEV Bug Reports (Open)" forum on their discussion board:

    http://forum.snitz.com/forum/forum.asp?FORUM_ID=11
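
The line removed from down.asp passed the `location` form field straight to `response.redirect`. As an added illustration (not part of the original message and not Snitz code), this Python sketch models a server that copies such a value into the `Location` header unchanged, next to a validator for sites that do need a redirect parameter; the function names, the server model and the sample values are constructed assumptions.

```python
"""Added example: a form field echoed into a redirect header, and a validator."""
from urllib.parse import urlsplit


def build_redirect_response(location: str) -> bytes:
    """Model (assumption) of a server that copies `location` in unchanged."""
    head = "HTTP/1.1 302 Object moved\r\nLocation: " + location + "\r\n\r\n"
    return head.encode("latin-1")


def header_lines(raw: bytes) -> list[str]:
    """Split the header block the way a client or proxy would, on CRLF."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.decode("latin-1").split("\r\n")[1:]  # drop the status line


def safe_redirect_target(location: str, default: str = "/") -> str:
    """Return `location` only if it is a same-site path with no control chars."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in location):
        return default  # CR, LF and other control characters never belong here
    parts = urlsplit(location)
    if parts.scheme or parts.netloc:
        return default  # absolute or scheme-relative URL: off-site redirect
    if not location.startswith("/") or location.startswith("//") or "\\" in location:
        return default
    return location


# Constructed sample values (not taken from the advisory).
BENIGN = "/forum/default.asp"
SPLIT = "/forum/default.asp\r\nX-Injected: 1"

if __name__ == "__main__":
    for value in (BENIGN, SPLIT):
        print(repr(value))
        print("  headers seen by client:", header_lines(build_redirect_response(value)))
        print("  validated target:      ", repr(safe_redirect_target(value)))
```
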

