Oracle WebCenter Sites CVE-2013-1509 HTTP Header Injection Vulnerability

Oracle WebCenter Sites is prone to an HTTP-header-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to inject arbitrary HTTP headers into a server response and which may help in launching cross-site request-forgery, cross-site scripting, HTTP-request-smuggling, and other attacks.

This vulnerability affects the following supported versions:
7.6.2, 11.1.1.6.0, 11.1.1.6.1


 

Privacy Statement
Copyright 2010, SecurityFocus