Security bulletin: 2014-002

This bulletin has been assigned a CVE identifier of CVE-2014-2017
CVSS score 4.1
Released: March 11th, 2014

The following issue has been identified:

Synopsis

An HTTP response splitting vulnerability has been found in OXID eShop, all editions, all previous versions.

State

Resolved in OXID eShop versions 4.7.11/5.0.11 and 4.8.4/5.1.4.

Impact

Under certain circumstances (depending on the browser, operating system and PHP version), an attacker can trick a user into entering a specially crafted URI or clicking a malformed link to exploit an HTTP response splitting vulnerability. In theory this can be used to poison caches, gain unauthorized access to the user's account or collect sensitive information about that user.

Passing such a malformed URI could, for example:

  • return a blank page or a PHP error (depending on the server configuration)
  • set unsolicited browser cookies

Affected products, releases and platforms

Products:

  • OXID eShop Enterprise Edition
  • OXID eShop Professional Edition
  • OXID eShop Community Edition

Releases:

  • All previous releases

Platforms:

  • All releases are affected on all platforms.

Resolution

The issue has been addressed in the following releases:

  • OXID eShop Professional Edition version 4.7.11 and 4.8.4
  • OXID eShop Enterprise Edition version 5.0.11 and 5.1.4
  • OXID eShop Community Edition version 4.7.11 and 4.8.4

Bug tracker entry: https://bugs.oxid-esales.com/view.php?id=5635

Workaround

For OXID eShop >= version 5.0 (EE) and 4.7 (PE, CE)

1. Please find the method oxConfig::checkParamSpecialChars() around line 821 in core/oxconfig.php

Replace the lines

with

2. and the method oxHeader::setHeader() around line 25 in core/oxheader.php

Replace the line

with

3. and the method oxUtils::_simpleRedirect() around line 1045 in core/oxutils.php

Replace the lines

with

For OXID eShop < 5.0 (EE) and 4.7 (PE, CE)

1. Please find the method oxConfig::checkSpecialChars() around line 755 in core/oxconfig.php

Replace the lines

with

2. Add a new method to the class in core/oxutils.php

3. and the method oxUtils::_simpleRedirect() around line 1045 in core/oxutils.php

Replace the lines

with
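As an added example (not OXID eShop code, and not the elided patch lines from the workaround steps above), the following PHP shows the vulnerable pattern described under Impact beside the two hardening strategies the workaround steps aim at: stripping CR/LF from a request value before it reaches a header, or rejecting the value and redirecting to a safe default. The function names are made up for illustration and do not correspond to the oxConfig/oxHeader/oxUtils methods; the payload is constructed. PHP has refused to send a header() value containing a newline since 5.1.2, which is one reason exploitability depends on the PHP version; the example therefore builds and prints the header string instead of calling header().

```php
<?php
// Added example, not OXID eShop code. Function names are illustrative.

// Vulnerable pattern: a request parameter flows unchanged into a header.
// PHP has already percent-decoded the query string by the time it reaches
// $_GET, so an attacker-supplied "%0d%0a" arrives as a real CRLF and ends
// the Location header early.
function buildRedirectVulnerable(string $target): string
{
    return 'Location: ' . $target;
}

// Strategy 1: strip CR and LF so only the first line of the value survives.
function stripCrLf(string $value): string
{
    return str_replace(["\r", "\n"], '', $value);
}

function buildRedirectStripped(string $target): string
{
    return 'Location: ' . stripCrLf($target);
}

// Strategy 2: treat CR/LF as a hard error and fall back to a known-safe
// target, so the caller never redirects somewhere partially attacker-chosen.
function containsCrLf(string $value): bool
{
    return strpbrk($value, "\r\n") !== false;
}

function buildRedirectRejecting(string $target, string $fallback = '/'): string
{
    return 'Location: ' . (containsCrLf($target) ? $fallback : $target);
}

// Constructed payload: terminates the Location header, injects a Set-Cookie
// header, then an empty line and a fake body a cache could store.
$crafted = urldecode(
    '/index.php%0d%0aSet-Cookie:%20sid%3Dattacker%0d%0a%0d%0a%3Chtml%3Epoisoned%3C/html%3E'
);

echo "Vulnerable (injected header and body visible on following lines):\n";
echo buildRedirectVulnerable($crafted) . "\n\n";

echo "Stripped:\n" . buildRedirectStripped($crafted) . "\n\n";

echo "Rejected:\n" . buildRedirectRejecting($crafted) . "\n";
```

Run it with `php example.php`: the vulnerable output spans several lines, while both hardened variants produce a single Location line. Stripping keeps the request working when a benign value happened to carry a stray newline; rejecting is the safer default when the redirect target is security-relevant, since a truncated attacker value is still an attacker value.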

Credits

Many thanks to Heiko Frenzel for the hint!

Stay up-to-date

To receive upcoming OXID Security Bulletins, please subscribe to the mailing lists or the Announcement forum.

How to report security issues

Learn how to report security issues in the Security overview page.
