Vulnerability Scanning Solutions, LLC.
Family: CGI abuses : XSS --> Category: attack

osCommerce Multiple HTTP Response Splitting Vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Checks for multiple HTTP response splitting vulnerabilities in osCommerce

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is susceptible
to multiple HTTP response splitting attacks.

Description :

The remote host is running osCommerce, an open-source e-commerce
system.

The version of osCommerce on the remote host suffers from multiple
HTTP response splitting vulnerabilities due to its failure to sanitize
user-supplied input to various parameters of the
'includes/application_top.php' script, the 'goto' parameter of the
'banner.php' script, and possibly others. An attacker can exploit these
flaws to inject malicious text into HTTP headers, possibly resulting
in the theft of session identifiers and/or misrepresentation of the
affected site.
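The flaw class above, shown as an added illustration (constructed for this entry, not osCommerce's own banner.php code): a redirect handler that passes a 'goto'-style parameter straight into a response header, beside a hardened version that rejects control characters and only redirects to an allow-listed host. The function names and the host list are assumptions.

```php
<?php
// Constructed example: a redirect handler modelled on a 'goto' parameter.
// Not osCommerce code; function names and hosts are hypothetical.

// BEFORE: the query parameter flows unchecked into a response header.
// A value carrying CR/LF could terminate the Location header and append
// attacker-chosen headers or body (HTTP response splitting). Note that
// PHP >= 5.1.2 header() refuses values containing newlines, but that does
// not stop the same parameter being abused as an open redirect.
function redirect_unsafe(string $goto): void {
    header('Location: ' . $goto);
    exit;
}

// AFTER: validate before the value reaches any header. Returns the
// accepted target, or null if the value must be rejected.
function safe_redirect_target(string $goto, array $allowed_hosts): ?string {
    // Reject CR, LF and every other control character outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $goto)) {
        return null;
    }
    $parts = parse_url($goto);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), $allowed_hosts, true)) {
        return null;
    }
    return $goto;
}

function redirect_safe(string $goto, array $allowed_hosts): void {
    $target = safe_redirect_target($goto, $allowed_hosts);
    if ($target === null) {
        http_response_code(400);
        exit('Invalid redirect target');
    }
    header('Location: ' . $target);
    exit;
}

// Usage in a banner click handler (hypothetical host list):
// redirect_safe($_GET['goto'] ?? '', ['shop.example.com']);
```

The same control-character check applies to any other user-controlled value that ends up in a Set-Cookie, Content-Type or custom header.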

See also :

http://www.gulftech.org/?node=research&article_id=00080-06102005
http://archives.neohapsis.com/archives/bugtraq/2005-06/0068.html

Solution :

Unknown at this time.

Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
