| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Oct 2005 17:02:31 +0900 From: snsadv@....co.jp (snsadv) To: bugtraq@...urityfocus.com Subject: [SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability ---------------------------------------------------------------------- SNS Advisory No.84 Oracle Application Server HTTP Response Splitting Vulnerability Problem first discovered on: Tue, 01 Feb 2005 Published on: Tue, 21 Oct 2005 ---------------------------------------------------------------------- Severity Level: --------------- Medium Overview: --------- Oracle Application Server has vulnerabilities of HTTP Response Splitting. This makes possible to represent an unreal content as if it is real or to cause Cross Site Scripting attacks. Problem Description: -------------------- Oracle Application Server has Session URL Rewriting function, which can embed and specify session management parameters in URL. In Session URL Rewriting function, the server does not sanitize Special character appropriately when resetting the specified session management parameters as Cookie. Therefore, arbitrary HTTP header or content can be outputted as the response when specifying session management parameters including arbitrary content prefixed with a linefeed code. In the result, representing unreal content as if it is real or causing Cross Site Scripting attacks can be possible. And this might be exploited for Phishing Fraud, Session Hijack, and so on. Tested Versions: ---------------- Oracle9i Application Server Release 2 (9.0.2.3) Oracle Application Server 10g Release 1 (9.0.4.2) Oracle Application Server 10g Release 2 (10.1.2.0) Solution: --------- Apply Critical Patch Update - October 2005 http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html Discovered by: -------------- Keigo Yamazaki (LAC) Disclaimer: ----------- The information contained in this advisory may be revised without prior notice and is provided as it is. Users shall take their own risk when taking any actions following reading this advisory. LAC Co., Ltd. shall take no responsibility for any problems, loss or damage caused by, or by the use of information provided here. This advisory can be found at the following URL: http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/84_e.html ----------------------------------------------------------------------
Powered by blists - more mailing lists