Author: Maestro (me!)
Vendor: SnipSnap (www.snipsnap.org)
Product: SnipSnap 0.5.2a
Product description (from vendor website):
SnipSnap is a free and easy to install weblog and wiki tool written in Java.
Problem: HTTP response splitting (web cache poisoning, XSS,
POST /exec/authenticate HTTP/1.0
(replace curly braces with less-than and greater-than)
Vendor status: vendor fixed in version 1.0B1. From vendor website:
Tuesday, 14. September 2004
SnipSnap 1.0b1 (uttoxeter) released
SnipSnap version 1.0b1 has just been released. This release was necessary due to the demand to get updates from 0.5.2a and a security issue known as HTTP response splitting found by someone called Maestro De-Seguridad.
Java herd, please bump to release 1.0B1.
arches, please mark stable.
stable on ppc, x86
java and ppc removed from cc.
Ready for a GLSA decision
Yes, a GLSA is needed. lewk, the draft is yours.