Release DateSep 15, 2009 |
Severitymedium |
ImpactSystem compromise: Provides unauthorized access, bypassing security. |
DescriptionThis indicates an attack attempt to exploit the HTTP-splitting vulnerability.The vulnerability is due to the application's failure to properly sanitize user HTTP requests. An attacker can send a specially crafted request containing malicious HTTP responses to poison the cache of the vulnerable web server. As a result, the attacker can bypass content restrictions or cause user requests to be redirected. |
Affected ProductsAll web application environments are susceptible to HTTP splitting. |
Recommended ActionsThe signature can be enabled to block this traffic. |
Coverage IPS
VCM |
