Short Name | HTTP:REQERR:HEADER-INJECT
Severity | Minor
Recommended | No
Category | HTTP
Keywords | URL Header Injection
Release Date | 2004/03/10
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: URL Header Injection
This signature detects attempts to exploit an input validation weakness in web applications and servers that copy user-supplied input into HTTP response headers. The attacker places URL-encoded CR/LF (carriage return/line feed) characters, typically %0d%0a, in a request value such as a redirect target; when the server reflects them into a response header unchecked, the single response is split into two, the second of which the attacker controls. This lets the attacker misrepresent web content to the recipient, or to an intermediate cache.
Extended Description
A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. These attacks fall under the general category of HTTP Response Splitting and abuse input validation flaws in these implementations to split an HTTP response into multiple parts, so that response data may be misrepresented to client users.
Exploitation occurs by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker can control or influence. The general consequence is that the attacker can misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust.
While the various implementations listed in the paper contribute to these attacks, the issue is most often exposed by web applications that do not properly reject or encode CR/LF sequences in user-supplied input that is later returned in server response headers.
This vulnerability could also aid in the exploitation of cross-site scripting vulnerabilities, since the attacker-controlled second response can carry arbitrary HTML and script.
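The mechanism described above, as an added example that is not code from the signature page or from the paper it cites: a hypothetical redirect handler that reflects a query parameter into the Location header, a naive Content-Length-honouring parser showing how the reflected CR/LF turns one response into two, the hardened form of the handler, and a request-side check of the kind this signature performs (the signature's exact pattern is not given on the page). The handler names, the request paths and the forged response body are all constructed for the example.

```python
# Added example, not from the Juniper signature page or from the
# "Divide and Conquer" paper. Hypothetical redirect handler, naive
# response parser, hardened handler, and a request-side CR/LF check.
# All function names, paths and payloads are assumptions.
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed attack request: the 'url' parameter carries %0d%0a, a
# complete forged second response, and a body of exactly 19 bytes.
ATTACK_REQUEST = (
    "/redirect?url=http://example.org/%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Content-Length:%2019%0d%0a%0d%0a<html>Forged</html>"
)
BENIGN_REQUEST = "/redirect?url=http://example.org/"


def _url_param(request_target: str) -> str:
    """Return the URL-decoded 'url' query parameter (empty if absent)."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get("url", [""])[0]


def vulnerable_redirect_response(request_target: str) -> bytes:
    """Vulnerable: copies the decoded parameter straight into Location."""
    target = _url_param(request_target)
    return (b"HTTP/1.1 302 Found\r\nLocation: " + target.encode("latin-1")
            + b"\r\nContent-Length: 0\r\n\r\n")


def safe_redirect_response(request_target: str) -> bytes:
    """Hardened: refuse any CR or LF in the header value rather than
    trying to strip it; a 400 is the right outcome for such input."""
    target = _url_param(request_target)
    if "\r" in target or "\n" in target:
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return (b"HTTP/1.1 302 Found\r\nLocation: " + target.encode("latin-1")
            + b"\r\nContent-Length: 0\r\n\r\n")


def split_responses(raw: bytes):
    """Parse a byte stream as a Content-Length-honouring client or cache
    would: one message per status line. Returns (status, headers, body)."""
    messages, pos = [], 0
    while pos < len(raw):
        end = raw.find(b"\r\n\r\n", pos)
        if end < 0:
            break
        lines = raw[pos:end].decode("latin-1").split("\r\n")
        status, headers = lines[0], {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = raw[body_start:body_start + length]
        pos = body_start + length
        if status.startswith("HTTP/"):  # skip trailing junk without a status line
            messages.append((status, headers, body))
    return messages


_CRLF = re.compile(r"[\r\n]")


def request_has_encoded_crlf(request_target: str, rounds: int = 2) -> bool:
    """Request-side check: flag CR/LF that appears literally or after up
    to `rounds` URL-decodings, so %0d%0a and %250d%250a are both caught."""
    value = request_target
    for _ in range(rounds + 1):
        if _CRLF.search(value):
            return True
        value = unquote(value)
    return False


if __name__ == "__main__":
    for status, _, body in split_responses(vulnerable_redirect_response(ATTACK_REQUEST)):
        print(status, body)
    print(split_responses(safe_redirect_response(ATTACK_REQUEST))[0][0])
    print(request_has_encoded_crlf(ATTACK_REQUEST), request_has_encoded_crlf(BENIGN_REQUEST))
```

Run against the constructed attack request, the vulnerable handler's single write is parsed as two messages, the second a 200 OK with the attacker's body; the hardened handler answers 400 and emits one message. The request-side check decodes more than once because a proxy or application server may decode again after the sensor has looked at the raw URL, which is why a detection signature for this class of attack should be paired with rejecting CR/LF at the application itself.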
Affected Products
- Apache_software_foundation apache 2.0.0
- Apache_software_foundation apache 2.0.28
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 2.0.40
- Apache_software_foundation apache 2.0.41
- Apache_software_foundation apache 2.0.42
- Apache_software_foundation apache 2.0.43
- Apache_software_foundation apache 2.0.44
- Apache_software_foundation apache 2.0.45
- Apache_software_foundation apache 2.0.46
- Apache_software_foundation apache 2.0.47
- Apache_software_foundation apache 2.0.48
- Apache_software_foundation tomcat 4.1.24
- Bea_systems weblogic_server 8.1.0
- Bea_systems weblogic_server 8.1.0 SP 1
- Bea_systems weblogic_server_for_win32 8.1.0
- Bea_systems weblogic_server_for_win32 8.1.0 SP 1
- Ibm websphere_application_server 5.0.0
- Ibm websphere_application_server 5.0.1
- Ibm websphere_application_server 5.0.2
- Ibm websphere_application_server 5.0.2 .1
- Ibm websphere_application_server 5.0.2 .3
- Ibm websphere_application_server 5.0.2 .4
- Ibm websphere_application_server 5.0.2 .5
- Ibm websphere_application_server 5.0.2 .6
- Ibm websphere_application_server 5.1.0
- Ibm websphere_application_server 5.1.0 .0.2
- Ibm websphere_application_server 5.1.0 .0.3
- Ibm websphere_application_server 5.1.0 .0.4
- Ibm websphere_application_server 5.1.0 .0.5
- Ibm websphere_application_server 5.1.1
- Macromedia coldfusion_server_mx 6.0.0
- Macromedia coldfusion_server_mx 6.1.0
- Microsoft asp 3.0
- Microsoft asp.net 1.0
- Microsoft asp.net 1.1
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 6.0 SP1
- Microsoft isa_server_2000 SP1
- Microsoft isa_server_2000
- National_science_foundation squid_web_proxy 2.4.0
- National_science_foundation squid_web_proxy 2.4.0 DEVEL2
- National_science_foundation squid_web_proxy 2.4.0 DEVEL4
- National_science_foundation squid_web_proxy 2.4.0 PRE-STABLE
- National_science_foundation squid_web_proxy 2.4.0 PRE-STABLE2
- National_science_foundation squid_web_proxy 2.4.0 STABLE1
- National_science_foundation squid_web_proxy 2.4.0 STABLE2
- National_science_foundation squid_web_proxy 2.4.0 STABLE2-2
- National_science_foundation squid_web_proxy 2.4.0 STABLE2-3
- National_science_foundation squid_web_proxy 2.4.0 STABLE3
- National_science_foundation squid_web_proxy 2.4.0 STABLE4
- National_science_foundation squid_web_proxy 2.4.0 STABLE6
- National_science_foundation squid_web_proxy 2.4.0 STABLE7
- Netapp netcache 5.2.0
- Squid web_proxy_cache 2.3.0 .STABLE4
- Squid web_proxy_cache 2.3.0 .STABLE5
- Squid web_proxy_cache 2.4.0
- Squid web_proxy_cache 2.4.0 .STABLE2
- Squid web_proxy_cache 2.4.0 .STABLE6
- Squid web_proxy_cache 2.4.0 .STABLE7
- Squid web_proxy_cache 2.5.0 .STABLE1
- Squid web_proxy_cache 2.5.0 .STABLE3
- Squid web_proxy_cache 2.5.0 .STABLE4
- Squid web_proxy_cache 2.5.0 .STABLE5
- Squid web_proxy_cache 2.5.0 .STABLE6
- Squid web_proxy_cache 2.5.0 .STABLE7
- Sun java_system_web_server 6.1.0
References