lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051021170038.62AE.SNSADV@lac.co.jp>
Date: Fri, 21 Oct 2005 17:02:31 +0900
From: snsadv@....co.jp (snsadv)
To: bugtraq@...urityfocus.com
Subject: [SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability


----------------------------------------------------------------------
SNS Advisory No.84
Oracle Application Server HTTP Response Splitting Vulnerability

Problem first discovered on: Tue, 01 Feb 2005
Published on: Tue, 21 Oct 2005
----------------------------------------------------------------------

Severity Level:
---------------
  Medium


Overview:
---------
  Oracle Application Server has vulnerabilities of HTTP Response Splitting. 
  This makes possible to represent an unreal content as if it is real or
  to cause Cross Site Scripting attacks.


Problem Description:
--------------------
  Oracle Application Server has Session URL Rewriting function, which can embed 
  and specify session management parameters in URL. 

  In Session URL Rewriting function, the server does not sanitize Special
  character appropriately when resetting the specified session
  management parameters as Cookie. 

  Therefore, arbitrary HTTP header or content can be outputted as the
  response when specifying session management parameters including
  arbitrary content prefixed with a linefeed code.

  In the result, representing unreal content as if it is real or causing 
  Cross Site Scripting attacks can be possible. And this might be
  exploited for Phishing Fraud, Session Hijack, and so on.


Tested Versions:
----------------
  Oracle9i Application Server Release 2 (9.0.2.3)
  Oracle Application Server 10g Release 1 (9.0.4.2)
  Oracle Application Server 10g Release 2 (10.1.2.0)


Solution:
---------
  Apply Critical Patch Update - October 2005
  http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html


Discovered by:
--------------
  Keigo Yamazaki (LAC) 


Disclaimer:
-----------
  The information contained in this advisory may be revised without prior
  notice and is provided as it is. Users shall take their own risk when
  taking any actions following reading this advisory. LAC Co., Ltd.
  shall take no responsibility for any problems, loss or damage caused
  by, or by the use of information provided here.

  This advisory can be found at the following URL:
  http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/84_e.html
----------------------------------------------------------------------




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ