Openads Adclick.PHP HTTP Response Splitting Vulnerability
BID:23442
Info
Openads Adclick.PHP HTTP Response Splitting Vulnerability
| Bugtraq ID: | 23442 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2007 12:00AM |
| Updated: | Apr 13 2007 06:51PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Openads Openads 2.0.11 Openads Openads 2.0.10 |
| Not Vulnerable: |
Openads Openads 2.0.11-pr1 |
Discussion
Openads Adclick.PHP HTTP Response Splitting Vulnerability
Openads is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Versions prior to 2.0.11-pr1 are affected by this issue.
Openads is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Versions prior to 2.0.11-pr1 are affected by this issue.
Exploit / POC
Openads Adclick.PHP HTTP Response Splitting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Openads Adclick.PHP HTTP Response Splitting Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Openads Openads 2.0.10
Openads Openads 2.0.11
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Openads Openads 2.0.10
-
Openads Openads-2.0.11-pr1.zip
http://download.openads.org/Openads-2.0.11-pr1.zip
Openads Openads 2.0.11
-
Openads Openads-2.0.11-pr1.zip
http://download.openads.org/Openads-2.0.11-pr1.zip
References
Openads Adclick.PHP HTTP Response Splitting Vulnerability
References:
References:
- ChangeLog-2.0.11-pr1 (Openads)
- Openads Homepage (Openads)
- [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed (Openads)