
Signature Detail

Security Intelligence Center

Short Name

HTTP:REQERR:HEADER-INJECT

Severity

Medium

Recommended

No

Category

HTTP

Keywords

Response Split Splitting Carriage Return Linefeed

Release Date

2004/03/10

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: URL Header Injection


This signature detects attempts to exploit an input validation vulnerability in web applications and servers that build HTTP response headers from user-supplied input. Attackers can place encoded CR/LF (carriage return/line feed, %0d%0a) characters in request data that is echoed into a response header, which splits one HTTP response into multiple parts and lets them misrepresent Web content to the recipient.

Extended Description

A paper, "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics" (Amit Klein, 2004), describes a family of attacks that target web users through the combined behaviour of web applications, browsers, web/application servers and proxies. These attacks fall under the general heading of HTTP Response Splitting. They abuse input validation flaws in those implementations to split a single HTTP response into multiple parts, so that response data is misrepresented to the client. Exploitation consists of injecting CR/LF sequences (literal, percent-encoded, or in any other encoding the server decodes before writing the header) into parts of an HTTP response header that the attacker controls or influences, typically a Location, Set-Cookie or similar header whose value is built from a request parameter. The consequence is that the attacker can serve arbitrary content under the trusted site's origin, potentially enticing the user to trust it and act on it, and, when an intermediary proxy caches the forged second response, poison that cache for other users. Although the paper lists server, proxy and browser implementations that contribute to these attacks, the issue is most often exposed by web applications that do not reject or strip CR/LF when they accept user-supplied input and return it in response headers. The same flaw also turns into cross-site scripting, because the attacker controls the body of the injected response.
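The mechanics described above, as an added example written for this page (it is not Juniper's signature logic and not code from any product in the affected list): a redirect handler that pastes a decoded "next" parameter into a Location header, a constructed attacker value that splits the reply into two responses, the hardened handler that rejects control characters after decoding, a minimal response framer showing what a proxy or browser would see, and a request-side check for the encoded CR/LF sequences a signature of this kind looks for. The handler, parameter name and payload are assumptions made for illustration.

```python
"""HTTP response splitting: how an encoded CR/LF in a request parameter turns
one redirect into two responses, the fix, and the request-side check.

Added example written for this page; not Juniper's signature logic and not
code from any product in the affected list. The redirect handler, the "next"
parameter and the attack payload are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Constructed attacker value for a "next" parameter. Once decoded it ends the
# Location header, closes the first response with Content-Length: 0, and
# starts a second response whose body the attacker wrote.
ATTACK_NEXT = (
    "/home%0d%0a"
    "Content-Length:%200%0d%0a"
    "%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0a"
    "Content-Type:%20text/html%0d%0a"
    "Content-Length:%2018%0d%0a"
    "%0d%0a"
    "<html>owned</html>"
)
BENIGN_NEXT = "/home"


def vulnerable_redirect(next_param: str) -> bytes:
    """The flaw: the decoded parameter is pasted into a header line, so CR/LF
    in user input becomes header structure."""
    target = unquote(next_param)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Connection: keep-alive\r\n"
        "\r\n"
    ).encode("latin-1")


class HeaderInjection(ValueError):
    """Raised when a header value contains line-terminating control characters."""


def safe_header_value(value: str) -> str:
    """Rejects CR, LF and NUL in a header value. Rejecting (rather than
    silently stripping) keeps the attempt visible in application logs."""
    if re.search(r"[\r\n\x00]", value):
        raise HeaderInjection("control character in header value")
    return value


def hardened_redirect(next_param: str) -> bytes:
    """Same redirect, with the value validated after decoding."""
    target = safe_header_value(unquote(next_param))
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Connection: keep-alive\r\n"
        "\r\n"
    ).encode("latin-1")


def split_responses(stream: bytes) -> list:
    """Minimal HTTP/1.x response framer (Content-Length only), roughly what a
    proxy or browser does on a keep-alive connection. Returns one dict per
    message it can frame; leftover bytes that do not start a status line
    end the parse."""
    responses = []
    pos = 0
    while True:
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        status_line, *header_lines = stream[pos:head_end].decode("latin-1").split("\r\n")
        if not status_line.startswith("HTTP/"):
            break
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        length = int(headers.get("content-length", "0"))
        responses.append({
            "status": status_line,
            "headers": headers,
            "body": stream[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Request-side check in the spirit of this signature: percent-encoded or
# literal CR/LF inside the raw, undecoded request target the sensor sees.
ENCODED_CRLF = re.compile(rb"%0[dD]|%0[aA]|\r|\n")


def request_target_has_crlf(request_target: bytes) -> bool:
    """True when the raw request target carries a CR or LF, single
    percent-encoded or literal. Other encodings are out of scope here."""
    return ENCODED_CRLF.search(request_target) is not None


if __name__ == "__main__":
    split = split_responses(vulnerable_redirect(ATTACK_NEXT))
    print(f"vulnerable handler yielded {len(split)} responses; second body: {split[1]['body']!r}")
    try:
        hardened_redirect(ATTACK_NEXT)
    except HeaderInjection as exc:
        print(f"hardened handler rejected it: {exc}")
    print("request flagged:", request_target_has_crlf(b"/redirect?next=" + ATTACK_NEXT.encode()))
```

Two points worth noting. The validation in `safe_header_value` runs on the decoded value, because the split happens only after the server has decoded %0d%0a; a check on the raw parameter would miss any encoding the framework decodes later. Conversely, a network sensor only sees the encoded request, so the request-side check above matches the single percent-encoded form and literal CR/LF; an application that decodes its input twice, or accepts a different encoding, can be split by a request this check does not flag, which is why the application-side fix, not the signature, is the control to rely on.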

Affected Products

  • Apache Software Foundation Apache 2.0.0
  • Apache Software Foundation Apache 2.0.28
  • Apache Software Foundation Apache 2.0.32
  • Apache Software Foundation Apache 2.0.35
  • Apache Software Foundation Apache 2.0.36
  • Apache Software Foundation Apache 2.0.37
  • Apache Software Foundation Apache 2.0.38
  • Apache Software Foundation Apache 2.0.39
  • Apache Software Foundation Apache 2.0.40
  • Apache Software Foundation Apache 2.0.41
  • Apache Software Foundation Apache 2.0.42
  • Apache Software Foundation Apache 2.0.43
  • Apache Software Foundation Apache 2.0.44
  • Apache Software Foundation Apache 2.0.45
  • Apache Software Foundation Apache 2.0.46
  • Apache Software Foundation Apache 2.0.47
  • Apache Software Foundation Apache 2.0.48
  • Apache Software Foundation Tomcat 4.1.24
  • BEA Systems Weblogic Server 8.1.0
  • BEA Systems Weblogic Server 8.1.0 SP 1
  • BEA Systems WebLogic Server for Win32 8.1.0
  • BEA Systems WebLogic Server for Win32 8.1.0 SP 1
  • IBM Websphere Application Server 5.0.0
  • IBM Websphere Application Server 5.0.1
  • IBM Websphere Application Server 5.0.2
  • IBM Websphere Application Server 5.0.2 .1
  • IBM Websphere Application Server 5.0.2 .3
  • IBM Websphere Application Server 5.0.2 .4
  • IBM Websphere Application Server 5.0.2 .5
  • IBM Websphere Application Server 5.0.2 .6
  • IBM Websphere Application Server 5.1.0
  • IBM Websphere Application Server 5.1.0 .0.2
  • IBM Websphere Application Server 5.1.0 .0.3
  • IBM Websphere Application Server 5.1.0 .0.4
  • IBM Websphere Application Server 5.1.0 .0.5
  • IBM Websphere Application Server 5.1.1
  • Macromedia ColdFusion Server MX 6.0.0
  • Macromedia ColdFusion Server MX 6.1.0
  • Microsoft ASP 3.0
  • Microsoft ASP.NET 1.0
  • Microsoft ASP.NET 1.1
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft ISA Server 2000 SP1
  • Microsoft ISA Server 2000
  • National Science Foundation Squid Web Proxy 2.4.0
  • National Science Foundation Squid Web Proxy 2.4.0 DEVEL2
  • National Science Foundation Squid Web Proxy 2.4.0 DEVEL4
  • National Science Foundation Squid Web Proxy 2.4.0 PRE-STABLE
  • National Science Foundation Squid Web Proxy 2.4.0 PRE-STABLE2
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE1
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE2
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE2-2
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE2-3
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE3
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE4
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE6
  • National Science Foundation Squid Web Proxy 2.4.0 STABLE7
  • NetApp NetCache 5.2.0
  • Squid Web Proxy Cache 2.3.0 .STABLE4
  • Squid Web Proxy Cache 2.3.0 .STABLE5
  • Squid Web Proxy Cache 2.4.0
  • Squid Web Proxy Cache 2.4.0 .STABLE2
  • Squid Web Proxy Cache 2.4.0 .STABLE6
  • Squid Web Proxy Cache 2.4.0 .STABLE7
  • Squid Web Proxy Cache 2.5.0 .STABLE1
  • Squid Web Proxy Cache 2.5.0 .STABLE3
  • Squid Web Proxy Cache 2.5.0 .STABLE4
  • Squid Web Proxy Cache 2.5.0 .STABLE5
  • Squid Web Proxy Cache 2.5.0 .STABLE6
  • Squid Web Proxy Cache 2.5.0 .STABLE7
  • Sun Java System Web Server 6.1.0

References

  • BugTraq: 9804

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.