Oracle WebCenter Sites CVE-2013-1509 HTTP Header Injection Vulnerability
BID:59132
Info
| Bugtraq ID: | 59132 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1509 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2013 12:00AM |
| Updated: | Apr 18 2013 11:09AM |
| Credit: | K. Gudinavicius |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Oracle WebCenter Sites is prone to an HTTP-header-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to inject arbitrary HTTP headers into a server response, which may help in launching cross-site request-forgery, cross-site scripting, HTTP-request-smuggling, and other attacks.
This vulnerability affects the following supported versions:
7.6.2, 11.1.1.6.0, 11.1.1.6.1
Exploit / POC
Oracle Fusion Middleware CVE-2013-1509 Remote Security Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: