HTTP: Url Encoded New Line
This signature detects the presence of a encoded new line inside of a URI. An encoded new line in a URI can have multiple impacts on the Web server, the most common being the injection of a header, which can be used to leverage other attacks inside vulnerable clients.
Extended Description
Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerability affects the following supported versions: 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3
Affected Products
Oracle weblogic_server
Short Name
HTTP:REQERR:URL-LF-CR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2008-7257 CVE-2010-2375 Encoded Line New Url bid:41159 bid:41620
Release Date
06/30/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally
Vendors
Oracle
CVSS Score
4.3
6.4