
SnipSnap < 1.0b1 POST Request HTTP Response Splitting

Low

Synopsis

The remote host is affected by an HTTP 'response splitting' vulnerability.

Description

The remote host seems to be running SnipSnap, a weblog application implemented in Java. Versions of SnipSnap prior to 1.0.0b1 are reported to be prone to an HTTP response splitting vulnerability. By means of a malformed link to the web site that alters the server's HTTP headers, an attacker may influence how the site is served, cached and interpreted.
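The following added example (not SnipSnap code and not part of the original advisory) shows the general response splitting pattern and the header-value check that stops it. The function names, the path and the `X-Injected` header are constructed for illustration; the advisory does not say which parameter or header is affected.

```python
import re
from urllib.parse import unquote

# Constructed sample: a request value carrying percent-encoded CR LF.
# Not taken from SnipSnap or from the advisory.
SAMPLE_RAW = "/space/start%0d%0aX-Injected:%201"

# CR, LF and NUL must never appear in an HTTP header value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_response_naive(location):
    """Vulnerable pattern: the value is copied into the header block unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )


def safe_header_value(value):
    """Reject any value that could terminate the current header line."""
    if _FORBIDDEN.search(value):
        raise ValueError("control character in header value")
    return value


def build_response_hardened(location):
    """Same response, but the value is validated before it reaches a header."""
    return build_response_naive(safe_header_value(location))


def header_names(raw_response):
    """Parse the header block the way a client or cache would."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    decoded = unquote(SAMPLE_RAW)  # what the application sees after URL decoding
    print("naive headers:", header_names(build_response_naive(decoded)))
    try:
        build_response_hardened(decoded)
    except ValueError as exc:
        print("hardened build rejected value:", exc)
```
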

Solution

Upgrade to SnipSnap 1.0b1 or higher.