osCommerce application_top.php Multiple Parameter HTTP Response Splitting

This script is Copyright (C) 2005-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP application that is susceptible
to multiple HTTP response splitting attacks.

Description :

The version of osCommerce on the remote host suffers from multiple
HTTP response splitting vulnerabilities due to its failure to sanitize
user-supplied input to various parameters of the
'includes/application_top.php' script, the 'goto' parameter of the
'banner.php' script, and possibly others. An attacker may be able to
exploit these flaws to inject malicious text into HTTP headers,
possibly resulting in the theft of session identifiers and/or
misrepresentation of the affected site.
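
Added example (not part of the Nessus plugin or of osCommerce): one way to
spot the header injection attempts described above in web server access
logs, by percent-decoding each query parameter and flagging any carriage
return or line feed. The log lines, the /catalog/ path and the
example_param name are constructed for illustration; only banner.php and
goto come from the description.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CRLF = ("\r", "\n")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d%250a) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_header_injection(log_line):
    """Return [(path, parameter)] for query parameters whose decoded value holds CR or LF."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    hits = []
    # parse_qsl already decodes once; decode_fully handles extra encoding layers.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if any(ch in decode_fully(value) for ch in CRLF):
            hits.append((target.path, name))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /catalog/banner.php?goto=http%3A%2F%2Fexample.test%2F HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /catalog/banner.php?goto=x%0d%0aX-Constructed:%20marker HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /catalog/index.php?example_param=1%250D%250AX-Constructed:%20marker HTTP/1.1" 302 0',
]

def scan(lines):
    """Return [(line_index, (path, parameter))] for every flagged parameter."""
    return [(i, hit) for i, line in enumerate(lines) for hit in find_header_injection(line)]

if __name__ == "__main__":
    for index, (path, param) in scan(SAMPLE_LOG):
        print(f"line {index}: CR/LF in parameter {param!r} of {path}")
```

A hit means a request tried to place a line break into a value; whether
the application reflected it into a response header still has to be
confirmed against the response.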

See also :

http://www.nessus.org/u?3f295f7d
http://archives.neohapsis.com/archives/bugtraq/2005-06/0068.html

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:H/RL:W/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18525

Bugtraq ID: 13979

CVE ID: CVE-2005-1951