Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
BID:53084
Info
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
| Bugtraq ID: | 53084 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0526 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2012 12:00AM |
| Updated: | Aug 22 2012 07:00PM |
| Credit: | Esteban Martinez Fayo of Application Security Inc |
| Vulnerable: |
SuSE Manager (for SLE 11 SP1) 1.2 Oracle Oracle11g Standard Edition 11.2.0.3 Oracle Oracle11g Standard Edition 11.2.0.2.0 Oracle Oracle11g Standard Edition 11.1.0.7 R1 Oracle Oracle11g Enterprise Edition 11.2 2 Oracle Oracle11g Enterprise Edition 11.2.0.3 Oracle Oracle11g Enterprise Edition 11.1.0.7 R1 Oracle Oracle10g Standard Edition 10.2 .5 Oracle Oracle10g Standard Edition 10.2 .3 R2 Oracle Oracle10g Standard Edition 10.2.0.4 R2 Oracle Oracle10g Personal Edition 10.2 .5 Oracle Oracle10g Personal Edition 10.2 .3 R2 Oracle Oracle10g Personal Edition 10.2.0.4 R2 Oracle Oracle10g Enterprise Edition 10.2 .5 Oracle Oracle10g Enterprise Edition 10.2 .3 R2 Oracle Oracle10g Enterprise Edition 10.2.0.4 R2 Oracle Enterprise Manager Grid Control 10g 10.2.0.5 |
| Not Vulnerable: | |
Discussion
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
Oracle Database Serveris prone to an HTTP-response-splitting vulnerability in Enterprise Manager Base Platform.
The vulnerability can be exploited over the 'HTTP' protocol. The 'Schema Management' sub component is affected.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
This vulnerability affects the following supported versions:
10.2.0.5
Oracle Database Serveris prone to an HTTP-response-splitting vulnerability in Enterprise Manager Base Platform.
The vulnerability can be exploited over the 'HTTP' protocol. The 'Schema Management' sub component is affected.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
This vulnerability affects the following supported versions:
10.2.0.5
Exploit / POC
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
Solution:
Vendor updates are available. Please contact the vendor for more information.
Solution:
Vendor updates are available. Please contact the vendor for more information.
References
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
References:
References: