ASP Nuke language_select.asp HTTP Response Splitting

2005-06-26T01:13:15
ID OSVDB:17702
Type osvdb
Reporter Alberto Trivero(trivero@jumpy.it)
Modified 2005-06-26T01:13:15

Description

Vulnerability Description

ASP Nuke contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'LangCode' variable upon submission to the language_select.asp script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ASP Nuke contains a flaw that allows a remote HTTP response splitting attack. This flaw exists because the application does not validate the 'LangCode' variable upon submission to the language_select.asp script. This could allow an attacker to create a specially crafted URL that would present a fake web page to a user, steal session cookies, or execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.aspnuke.com/ Security Tracker: 1014310 Secunia Advisory ID:15066 Related OSVDB ID: 17703 Related OSVDB ID: 17700 Related OSVDB ID: 17701 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0228.html Keyword: M4DR007-07SA ISS X-Force ID: 21213 CVE-2005-2065 Bugtraq ID: 14063