Interchange HTTP Response Splitting Vulnerability
BID:38960
Info
| Bugtraq ID: | 38960 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2010 12:00AM |
| Updated: | Mar 23 2010 12:00AM |
| Credit: | The vendor |
| Vulnerable: | Interchange Interchange 5.6.2, Interchange Interchange 5.6.1, Interchange Interchange 5.4.4, Interchange Interchange 5.4.3, Interchange Interchange 5.4.2, Interchange Interchange 5.4.1, Interchange Interchange 5.6 |
| Not Vulnerable: | Interchange Interchange 5.6.3, Interchange Interchange 5.4.5 |
Discussion
Interchange is prone to an HTTP response-splitting vulnerability.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
Interchange versions prior to 5.6.3 and 5.4.5 are vulnerable.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
This issue has been addressed in Interchange 5.4.5 and 5.6.3.
Interchange Interchange 5.6
- Interchange interchange-5.6.3.tar.gz
  http://ftp.icdevgroup.org/interchange/5.6/tar/interchange-5.6.3.tar.gz

Interchange Interchange 5.4.1
- Interchange interchange-5.4.5.tar.gz
  ftp://ftp.icdevgroup.org/pub/interchange/5.4/tar/interchange-5.4.5.tar.gz

Interchange Interchange 5.4.2
- Interchange interchange-5.4.5.tar.gz
  ftp://ftp.icdevgroup.org/pub/interchange/5.4/tar/interchange-5.4.5.tar.gz

Interchange Interchange 5.4.3
- Interchange interchange-5.4.5.tar.gz
  ftp://ftp.icdevgroup.org/pub/interchange/5.4/tar/interchange-5.4.5.tar.gz

Interchange Interchange 5.4.4
- Interchange interchange-5.4.5.tar.gz
  ftp://ftp.icdevgroup.org/pub/interchange/5.4/tar/interchange-5.4.5.tar.gz

Interchange Interchange 5.6.1
- Interchange interchange-5.6.3.tar.gz
  http://ftp.icdevgroup.org/interchange/5.6/tar/interchange-5.6.3.tar.gz

Interchange Interchange 5.6.2
- Interchange interchange-5.6.3.tar.gz
  http://ftp.icdevgroup.org/interchange/5.6/tar/interchange-5.6.3.tar.gz
References
References:
- Interchange Homepage (Interchange)
- Interchange security releases: 5.7.6, 5.6.3, 5.4.5 (Interchange)