Intrusion Prevention

Oracle.WebCenter.Sites.Satellite.Server.HTTP.Injection

Description

This indicates an attack attempt to exploit an HTTP Header Injection vulnerability in Oracle WebCenter Sites.
The vulnerability is due to insufficient sanitization of user-supplied input when the application handles maliciously crafted HTTP requests. A remote attacker can exploit this to perform malicious redirection attacks or to poison the HTTP cache with a crafted response.

Affected Products

Oracle WebCenter Sites 7.6.2
Oracle WebCenter Sites 11.1.1.6.0
Oracle WebCenter Sites 11.1.1.6.1

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

CVE References

CVE-2013-1509