Info

Disclosure

Oct 05, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 05, 2011

Description

WebKit contains a flaw that allows an attacker to conduct an HTTP response splitting attack. This flaw exists because window.location.href and similar needlessly decode URI-encoded characters. This could allow a remote attacker to insert arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: PoC Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

The vendor has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.

Products

Apple Inc.

Safari

5.1.7

References

Security Tracker: 1027307
CVE ID: 2012-3696 (see also: NVD)
Secunia Advisory ID: 50058 50586
Related OSVDB ID: 84200 84201 84203 84204 84205 84206 84207 84209 84210 84211 84213 84214
Generic Informational URL: http://en.wikipedia.org/wiki/HTTP_response_splitting
Vendor Specific Advisory URL: http://support.apple.com/kb/HT5400
http://support.apple.com/kb/HT5503
Vendor Specific Solution URL: http://trac.webkit.org/changeset/96779
Vendor Specific News/Changelog Entry: https://bugs.webkit.org/show_bug.cgi?id=30225

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84208