Oracle Enterprise Manager Database Control 18.104.22.168, 22.214.171.124, 126.96.36.199
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.
HTTP Response Splitting is a web application vulnerability where input parameters are unsafely used in response headers allowing an attacker to make the server print one (or more) new line sequences in the header section which allows to set arbitrary headers, take control of the body, or break the response into two or more separate responses. This can be used to perform cross-site scripting, cross-user defacement and web cache poisoning, among other attacks.
The ‘pagename’ parameter of web page /em/console/ecm/policy/policyViewSettings is vulnerable to this kind of attacks.
An attacker that convinces a valid Oracle Enterprise Manager user to click or open a malicious link can take over the user’s session.
Vendor was contacted and a patch was released.
There is no workaround for this vulnerability.
Apply January 2013 CPU.
Vendor Notification – 6/25/2012
Vendor Response – 6/29/2012
Fix – 1/15/2013
Public Disclosure – 1/31/2013