SNS Advisory 84

SNS Advisory 84: Posted Oct 26, 2005; Authored by Little eArth Corporation | Site lac.co.jp; SNS Advisory 84 - Oracle Application Server has vulnerabilities of HTTP Response Splitting. This makes possible to represent an unreal content as if it is real or to cause Cross Site Scripting attacks.; tags | advisory, web, vulnerability, xss; SHA-256 | d2593262db3bce5fcc290a10c71016c69956f1b4127c661c1b9c404cf7abd8d5; Download | Favorite | View

SNS Advisory 84

----------------------------------------------------------------------
SNS Advisory No.84
Oracle Application Server HTTP Response Splitting Vulnerability

Problem first discovered on: Tue, 01 Feb 2005
Published on: Tue, 21 Oct 2005
----------------------------------------------------------------------

Severity Level:
---------------
  Medium


Overview:
---------
  Oracle Application Server has vulnerabilities of HTTP Response Splitting. 
  This makes possible to represent an unreal content as if it is real or
  to cause Cross Site Scripting attacks.


Problem Description:
--------------------
  Oracle Application Server has Session URL Rewriting function, which can embed 
  and specify session management parameters in URL. 

  In Session URL Rewriting function, the server does not sanitize Special
  character appropriately when resetting the specified session
  management parameters as Cookie. 

  Therefore, arbitrary HTTP header or content can be outputted as the
  response when specifying session management parameters including
  arbitrary content prefixed with a linefeed code.

  In the result, representing unreal content as if it is real or causing 
  Cross Site Scripting attacks can be possible. And this might be
  exploited for Phishing Fraud, Session Hijack, and so on.


Tested Versions:
----------------
  Oracle9i Application Server Release 2 (9.0.2.3)
  Oracle Application Server 10g Release 1 (9.0.4.2)
  Oracle Application Server 10g Release 2 (10.1.2.0)


Solution:
---------
  Apply Critical Patch Update - October 2005
  http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html


Discovered by:
--------------
  Keigo Yamazaki (LAC) 


Disclaimer:
-----------
  The information contained in this advisory may be revised without prior
  notice and is provided as it is. Users shall take their own risk when
  taking any actions following reading this advisory. LAC Co., Ltd.
  shall take no responsibility for any problems, loss or damage caused
  by, or by the use of information provided here.

  This advisory can be found at the following URL:
  http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/84_e.html
----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

SNS Advisory 84

SNS Advisory 84

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SNS Advisory 84

Share This

SNS Advisory 84

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems