Signature Detail
Short Name |
HTTP:REQERR:URL-LF-CR |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Url Encoded New Line |
Release Date |
2010/06/30 |
Update Number |
1723 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Url Encoded New Line
This signature detects the presence of a encoded new line inside of a URI. An encoded new line in a URI can have multiple impacts on the Web server, the most common being the injection of a header, which can be used to leverage other attacks inside vulnerable clients.
Extended Description
Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerability affects the following supported versions: 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3
Affected Products
- Oracle Weblogic Server 10.0 MP2
- Oracle Weblogic Server 10.3.2
- Oracle Weblogic Server 10.3.3
- Oracle Weblogic Server 7.0 SP7
- Oracle Weblogic Server 8.1 SP6
- Oracle Weblogic Server 9.0 GA
- Oracle Weblogic Server 9.1
- Oracle Weblogic Server 9.1 GA
- Oracle Weblogic Server 9.2 MP3
References
- BugTraq: 41159
- BugTraq: 41620
- CVE: CVE-2008-7257
- CVE: CVE-2010-2375
- URL: http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html
- URL: http://www.secureworks.com/ctu/advisories/SWRX-2010-001