View Issue Details

IDProjectCategoryView StatusLast Update
0005635OXID eShop (all versions)4.04. Securitypublic2014-03-11 11:29
Reportertomas_liubinas 
PriorityimmediateSeveritycriticalReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.7.11 / 5.0.11 
Target Version4.7.11 / 5.0.11Fixed in Version4.7.11 / 5.0.11 
Summary0005635: Certain request parameters causes HTTP request splitting
DescriptionCertain request parameters causes HTTP request splitting
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Versionany
MySQL Versionany

Activities

saulius.stasiukaitis

2014-02-06 16:47

reporter   ~0009479

Fixed in b-5.0-HTTP_Response_Splitting_bug branch

saulius.stasiukaitis

2014-02-06 16:48

reporter   ~0009480

Fix in oxConfig::checkParamSpecialChars which escape from special chars.