CoSign CHECK Command cosign Cookie Variable CRLF Injection

2007-03-28T05:03:58
ID OSVDB:34833
Type osvdb
Reporter OSVDB
Modified 2007-03-28T05:03:58

Description

Solution Description

Upgrade to version 2.0.2a, 1.9.4b or higher, as it has been reported to fix this vulnerability. In addition, Cosign has released a patch for some older versions.

References:

Vendor URL: http://weblogin.org/
Vendor Specific News/Changelog Entry: http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-001.txt
Secunia Advisory ID: 24845
Related OSVDB ID: 34834
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0170.html
FrSIRT Advisory: ADV-2007-1359
CVE-2007-2232