Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
BID:25190
Info
Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
| Bugtraq ID: | 25190 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4164 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Sun Java System Web Server 6.1 SP7 Sun Java System Web Server 6.1 SP6 Sun Java System Web Server 6.1 SP5 Sun Java System Web Server 6.1 SP4 Sun Java System Web Server 6.1 SP3 Sun Java System Web Server 6.1 SP2 Sun Java System Web Server 6.1 SP1 Sun Java System Web Server 6.1 Sun Java System Web Server 7.0 Sun Java System Web Server 6.1 |
| Not Vulnerable: |
Sun Java System Web Server 6.1 SP8 Sun Java System Web Server 7.0 Update 1 |
Discussion
Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
Sun Java System Web Server is prone to multiple vulnerabilities regarding 'redirect' functionality. The vulnerabilities include HTTP-response splitting, HTTP-header injection, and unauthorized access to system resources.
An attacker may exploit the HTTP-response-splitting vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Attackers typically exploit HTTP-header-injection issues to inject arbitrary cookie attributes into a session cookie. Since session IDs are usually stored in cookie form, an attacker can inject arbitrary cookie data attributes into a session cookie and then launch various attacks on active web sessions.
Sun Java System Web Server is prone to multiple vulnerabilities regarding 'redirect' functionality. The vulnerabilities include HTTP-response splitting, HTTP-header injection, and unauthorized access to system resources.
An attacker may exploit the HTTP-response-splitting vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Attackers typically exploit HTTP-header-injection issues to inject arbitrary cookie attributes into a session cookie. Since session IDs are usually stored in cookie form, an attacker can inject arbitrary cookie data attributes into a session cookie and then launch various attacks on active web sessions.
Exploit / POC
Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
To exploit some of these issues, an attacker can use common client applications.
To exploit the splitting and injection issues on client machines, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit some of these issues, an attacker can use common client applications.
To exploit the splitting and injection issues on client machines, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
Solution:
The vendor has released service packs and updates to address these issues. Please see the references for more information.
Sun Java System Web Server 7.0
Sun Java System Web Server 6.1 SP7
Solution:
The vendor has released service packs and updates to address these issues. Please see the references for more information.
Sun Java System Web Server 7.0
-
Sun Sun Java System Web Server 7.0 Update 1
http://www.sun.com/download/products.xml?id=467713d6
Sun Java System Web Server 6.1 SP7
-
Sun Sun Java System Web Server 6.1 SP8
http://www.sun.com/download/products.xml?id=4694392a
References
Sun Java System Web Server Multiple HTTP Redirect Vulnerabilities
References:
References:
- Sun Java System Web Server (Sun Microsystems)
- Vulnerability in Redirect Functionality Affects Sun Java System Web Server (Sun Microsystems)