UBB.threads toggleshow.php Cat Variable HTTP Response Splitting

2005-06-23T05:15:28
ID OSVDB:17518
Type osvdb
Reporter James Bercegay()
Modified 2005-06-23T05:15:28

Description

Vulnerability Description

UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'toggleshow.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 6.5.2 beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

UBB.threads contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'Cat' variable upon submission to the 'toggleshow.php' script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.ubbcentral.com/ubbthreads/ Vendor Specific Solution URL: http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351 Security Tracker: 1014285 Secunia Advisory ID:15805 Related OSVDB ID: 17517 Related OSVDB ID: 17519 Related OSVDB ID: 17521 Related OSVDB ID: 17512 Related OSVDB ID: 17525 Related OSVDB ID: 17520 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00084-06232005 Other Advisory URL: http://www.uscert.gov/cas/bulletins/SB05-180.pdf Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0213.html ISS X-Force ID: 21127 CVE-2005-2060 Bugtraq ID: 14053