Prestashop 'displayImage.php' HTTP Response Splitting Vulnerability
BID:50785
Info
Prestashop 'displayImage.php' HTTP Response Splitting Vulnerability
| Bugtraq ID: | 50785 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-4545 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 23 2011 12:00AM |
| Updated: | Dec 05 2011 06:27PM |
| Credit: | RGouveia |
| Vulnerable: |
PrestaShop PrestaShop 1.4.4.1 |
| Not Vulnerable: | |
Discussion
Prestashop 'displayImage.php' HTTP Response Splitting Vulnerability
Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid various attacks that try to entice client users into a false sense of trust.
Prestashop 1 4.4.1 is vulnerable; other versions may also be affected.
Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid various attacks that try to entice client users into a false sense of trust.
Prestashop 1 4.4.1 is vulnerable; other versions may also be affected.
Exploit / POC
Prestashop 'displayImage.php' HTTP Response Splitting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
The following exploit example is available:
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
The following exploit example is available:
Solution / Fix
Prestashop 'displayImage.php' HTTP Response Splitting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Prestashop 'displayImage.php' HTTP Response Splitting Vulnerability
References:
References:
- Prestashop Homepage (Prestashop)
- Header Injection Vulnerability in Prestashop (RGouveia)