CubeCart Multiple HTTP Response Splitting Vulnerabilities

Bugtraq ID:	23852
Class:	Input Validation Error
CVE:	CVE-2007-2550
Remote:	Yes
Local:	No
Published:	May 07 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	John Martinelli is credited with the discovery of these vulnerabilities.
Vulnerable:	CubeCart CubeCart 3.0.15
Not Vulnerable:

CubeCart Multiple HTTP Response Splitting Vulnerabilities

CubeCart is prone to multiple HTTP-response-splitting vulnerabilities because it fails to sanitize user-supplied input.

A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

These issues affect CubeCart 3.0.15; other versions may also be affected.

CubeCart Multiple HTTP Response Splitting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

CubeCart Multiple HTTP Response Splitting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

CubeCart Multiple HTTP Response Splitting Vulnerabilities

References:

• CubeCart Homepage (CubeCart)
  
• UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability ([email protected])