Openads Max Media Manager CK.PHP HTTP Response Splitting Vulnerability
BID:23480
Info
Openads Max Media Manager CK.PHP HTTP Response Splitting Vulnerability
| Bugtraq ID: | 23480 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2007 12:00AM |
| Updated: | Apr 13 2007 11:11PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Openads Openads 2.0.11 Openads Openads 2.0.10 Openads Openads 2.3.31-alpha-pr2 Openads Openads 2.0.11-pr1 |
| Not Vulnerable: |
Openads Openads 2.3.31-alpha-pr3 |
Discussion
Openads Max Media Manager CK.PHP HTTP Response Splitting Vulnerability
Openads is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Versions prior to 2.3.31-alpha-pr3 are affected by this issue.
Openads is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Versions prior to 2.3.31-alpha-pr3 are affected by this issue.
Exploit / POC
Openads Max Media Manager CK.PHP HTTP Response Splitting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Openads Max Media Manager CK.PHP HTTP Response Splitting Vulnerability
Solution:
The vendor has released version 2.3.31-alpha-pr3 to address this issue. Please see the references for more information.
Solution:
The vendor has released version 2.3.31-alpha-pr3 to address this issue. Please see the references for more information.
References
Openads Max Media Manager CK.PHP HTTP Response Splitting Vulnerability
References:
References:
- Openads 2.0.11-pr1 And Mmm 0.3.31-alpha-pr3 Released! (Openads)
- Openads Homepage (Openads)
- [OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulner (Matteo Beccati
)