| VID | 21630 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | osCommerce is an open-source online shop e-commerce solution under ongoing development by its community. osCommerce version 2.2 and earlier are vulnerable to multiple HTTP response splitting vulnerabilities, caused by improper validation of user-supplied input passed to various parameters of the 'includes/application_top.php' script and to the 'goto' parameter of the 'banner.php' script. Because the affected values are copied into HTTP response headers without CR/LF characters being rejected, an attacker can terminate the legitimate response early and append a second, attacker-controlled response. This may allow the attacker to steal sensitive user information or to cause temporary web site defacement. |
| References | http://www.gulftech.org/?node=research&article_id=00080-06102005 |
| Platforms Affected | osCommerce version 2.2 and earlier versions; Microsoft Windows, any version |
| Recommendation | No upgrade or patch was available as of June 2005. Upgrade to a fixed version of osCommerce (later than 2.2) when one becomes available from the osCommerce download site at http://www.oscommerce.com/solutions/downloads. Until then, ensure that any request parameter copied into a response header (redirect targets in particular) is rejected if it contains CR or LF characters after URL decoding. |
| Related URL | CVE-2005-1951 (CVE) |
| Related URL | 13979 (SecurityFocus) |
| Related URL | 20985 (ISS) |
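The following is an added example, not osCommerce code and not taken from the advisory, showing how a CR/LF-injected redirect parameter of the kind described above splits one HTTP response into two, and how a hardened handler refuses it. It assumes (hypothetically) that a parameter such as banner.php's 'goto' ends up in a Location header; the payload, the host allow-list and the host names are constructed for the demonstration.

```python
from urllib.parse import unquote, urlsplit

# Constructed attacker value for a redirect-style parameter (assumption:
# the script copies it into a Location header, as a 'goto' parameter
# would). %0d%0a is CRLF; the payload closes the 302 and appends a
# complete second response that a proxy or browser may cache for the
# original URL.
INJECTED_GOTO = (
    "http://example.com/%0d%0a"
    "Content-Length:%200%0d%0a"
    "%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0a"
    "Content-Type:%20text/html%0d%0a"
    "Content-Length:%2016%0d%0a"
    "%0d%0a"
    "%3Ch1%3Edefaced%3C/h1%3E"
)

# Constructed allow-list of hosts the shop may redirect to.
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}


class BadRedirect(ValueError):
    """Raised when a redirect target fails validation."""


def vulnerable_redirect(goto: str) -> bytes:
    """Hypothetical vulnerable handler: decode the parameter and paste it
    into the Location header with no validation."""
    target = unquote(goto)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def safe_redirect(goto: str) -> bytes:
    """Hardened handler: validate after URL decoding (the CRLF arrives as
    %0d%0a), reject every control, space and non-ASCII character, and only
    redirect to an allow-listed http(s) host."""
    target = unquote(goto)
    if not all(0x20 < ord(c) < 0x7F for c in target):
        raise BadRedirect("control, space or non-ASCII character in redirect target")
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        raise BadRedirect(f"redirect target {target!r} not in allow-list")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("ascii")


def redirect_is_rejected(goto: str) -> bool:
    """True if the hardened handler refuses the parameter value."""
    try:
        safe_redirect(goto)
    except BadRedirect:
        return True
    return False


def split_responses(raw: bytes) -> list[dict]:
    """Read a byte stream the way a Content-Length-driven client does and
    return each HTTP response it contains. A split response shows up as a
    second entry carrying the attacker's status line and body."""
    responses = []
    pos = 0
    while pos < len(raw):
        while raw.startswith(b"\r\n", pos):  # tolerate stray blank lines
            pos += 2
        if not raw.startswith(b"HTTP/", pos):
            break  # leftover header fragments, not a response
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end < 0:
            break
        lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        body_len = int(headers.get("content-length", "0"))
        body = raw[body_start:body_start + body_len]
        responses.append({"status": lines[0], "headers": headers, "body": body})
        pos = body_start + body_len
    return responses


if __name__ == "__main__":
    for resp in split_responses(vulnerable_redirect(INJECTED_GOTO)):
        print(resp["status"], resp["headers"], resp["body"])
    print("hardened handler rejects payload:", redirect_is_rejected(INJECTED_GOTO))
```

Run stand-alone, the vulnerable handler yields two responses from a single request: the intended 302 and an attacker-supplied 200 with its own body. The hardened handler checks the decoded value, since checking the raw query string would miss the percent-encoded CRLF, and pairs the character filter with a host allow-list so that a clean value still cannot be used as an open redirect.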