Short Name |
HTTP:REQERR:URL-LF-CR |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Url Encoded New Line |
Release Date |
2010/06/30 |
Update Number |
1723 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects the presence of a encoded new line inside of a URI. An encoded new line in a URI can have multiple impacts on the Web server, the most common being the injection of a header, which can be used to leverage other attacks inside vulnerable clients.
Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerability affects the following supported versions: 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3