header-logo
Suggest Exploit
vendor:
Webstore
by:
SecurityFocus
7.5
CVSS
HIGH
HTTP Response Splitting
20
CWE
Product Name: Webstore
Affected Version From: 4050100
Affected Version To: 4050100
Patch Exists: N/A
Related CWE: N/A
CPE: amazon:webstore
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Amazon Webstore HTTP Response Splitting Vulnerability

Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13428/info

Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

This issue reportedly affects Amazon Webstore version 04050100; other versions may also be vulnerable. 

http://www.example.com/store/uk/product/">%0d%0aSet-Cookie:%20HTTP_response_splitting%3dYES%0d%0aFoo:%20bar.htm

Navigation

Suggest Exploit

Services By CQR