-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TeamSHATTER Security Advisory
HTTP Response Splitting in Oracle Enterprise Manager (policyViewSettings)
February 20, 2013
Risk Level:
Medium
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of
Application Security Inc.
Details:
HTTP Response Splitting is a web application vulnerability where input
parameters are unsafely used in response headers allowing an attacker to make
the server print one (or more) new line sequences in the header section which
allows to set arbitrary headers, take control of the body, or break the
response into two or more separate responses. This can be used to perform
cross-site scripting, cross-user defacement and web cache poisoning, among
other attacks. The 'pagename' parameter of web page
/em/console/ecm/policy/
attacks.
Impact:
An attacker that convinces a valid Oracle Enterprise Manager user to click or
open a malicious link can take over the user's session.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Fix:
Apply January 2013 CPU.
CVE:
CVE-2013-0354
Links:
http://www.oracle.com/
https://www.teamshatter.com/?
Timeline:
Vendor Notification - 6/25/2012
Vendor Response - 6/29/2012
Fix - 1/15/2013
Public Disclosure - 2/20/2013
- --
______________________________
Copyright (c) 2013 Application Security, Inc.
http://www.appsecinc.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
iEYEARECAAYFAlEmbcQACgkQRx91im
EM4AoKvhlJs8KHaJfLQLBdhMWgnzx5
=xePM
-----END PGP SIGNATURE-----
Courtesy: securityfocus.com
Hash: SHA1
TeamSHATTER Security Advisory
HTTP Response Splitting in Oracle Enterprise Manager (policyViewSettings)
February 20, 2013
Risk Level:
Medium
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of
Application Security Inc.
Details:
HTTP Response Splitting is a web application vulnerability where input
parameters are unsafely used in response headers allowing an attacker to make
the server print one (or more) new line sequences in the header section which
allows to set arbitrary headers, take control of the body, or break the
response into two or more separate responses. This can be used to perform
cross-site scripting, cross-user defacement and web cache poisoning, among
other attacks. The 'pagename' parameter of web page
/em/console/ecm/policy/
attacks.
Impact:
An attacker that convinces a valid Oracle Enterprise Manager user to click or
open a malicious link can take over the user's session.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
There is no workaround for this vulnerability.
Fix:
Apply January 2013 CPU.
CVE:
CVE-2013-0354
Links:
http://www.oracle.com/
https://www.teamshatter.com/?
Timeline:
Vendor Notification - 6/25/2012
Vendor Response - 6/29/2012
Fix - 1/15/2013
Public Disclosure - 2/20/2013
- --
______________________________
Copyright (c) 2013 Application Security, Inc.
http://www.appsecinc.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
iEYEARECAAYFAlEmbcQACgkQRx91im
EM4AoKvhlJs8KHaJfLQLBdhMWgnzx5
=xePM
-----END PGP SIGNATURE-----
Courtesy: securityfocus.com
No comments:
Post a Comment