Hitachi Business Logic Container (BLC) Unspecified Input Form HTTP Response Splitting

2005-12-27T09:18:27
ID OSVDB:22064
Type osvdb
Reporter Hitachi Incident Response Team
Modified 2005-12-27T09:18:27

Description

Vulnerability Description

Business Logic Container contains a flaw that allows HTTP response splitting. The flaw exists because the application does not validate parameters submitted to unspecified input forms. A user could create a specially crafted URL that would influence or misrepresent how Web content is served, cached or interpreted, leading to a loss of integrity.

Solution Description

For BLC on Windows, upgrade to version 3-00 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

For BLC on AIX, Hitachi requires users to contact their support service.

References:

Vendor Specific Advisory URL
Security Tracker: 1015420
Secunia Advisory ID: 18213
Related OSVDB ID: 22062
Related OSVDB ID: 22063
Keyword: HS05-025
CVE-2005-4579
Bugtraq ID: 16067