HTTP: Mozilla Multiple Products Duplicate Location Headers Vulnerability

This signature detects attempts to exploit a known vulnerability in multiple Mozilla products. A vulnerability has been detected in Mozilla Firefox, Thunderbird and SeaMonkey. When multiple Location, Content-Type, Content-Length or Content-Disposition headers are present in an HTTP response, these Mozilla products use the last one, making them more susceptible to newline insertion attacks. An attacker may leverage this vulnerability in conjunction with a vulnerable web application to, for example, redirect target users to malicious URLs.

Extended Description

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how Web content is served, cached, or interpreted. This could aid in various attacks that try to instill client users with a false sense of trust. This issue is fixed in: Firefox 7.0, Firefox 3.6.23, Thunderbird 7.0, and SeaMonkey 2.4.
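A defender-side check for the condition described above, as an added example that is not the signature's own logic or code from this page: it parses a raw HTTP response header block and reports any of the four headers named in the description that repeat with differing values. The function names and sample response are constructed for illustration; ignoring repeats that carry identical values is an assumption of this example.

```python
# Headers the description names: affected clients used the LAST occurrence.
SENSITIVE = ("location", "content-type", "content-length", "content-disposition")

def parse_header_block(raw: bytes):
    """Return [(lowercased_name, value)] from the header part of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    fields = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        if line[:1] in (b" ", b"\t") and fields:
            # Obsolete line folding: continuation of the previous field value.
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip().decode("latin-1"))
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # not a header field; skip malformed line
        fields.append((name.strip().lower().decode("latin-1"),
                       value.strip().decode("latin-1")))
    return fields

def find_conflicting_headers(raw: bytes):
    """Map header name -> values, for sensitive headers repeated with differing values."""
    seen = {}
    for name, value in parse_header_block(raw):
        if name in SENSITIVE:
            seen.setdefault(name, []).append(value)
    # Assumption of this example: identical repeats are treated as benign.
    return {n: v for n, v in seen.items() if len(set(v)) > 1}

# Constructed sample: a response whose header block carries two Location fields.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://app.example/home\r\n"
    b"Content-Type: text/html\r\n"
    b"location: https://other.example/landing\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for name, values in find_conflicting_headers(SAMPLE_RESPONSE).items():
        print(f"conflicting {name}: first={values[0]!r} last={values[-1]!r}")
```

Header names are compared case-insensitively, so a second field spelled `location` is still matched against the first `Location`.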

Affected Products

Avaya messaging_storage_server

References

BugTraq: 49849

CVE: CVE-2011-3000

Short Name: HTTP:STC:MOZILLA:DUP-LOC-HEADER

Severity: Major

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2011-3000 Duplicate Headers Location Mozilla Multiple Products Vulnerability bid:49849

Release Date: 11/12/2012

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

False Positive: Rarely

Vendors

Red_hat

Suse

Mozilla

Avaya

Mandriva

Ubuntu

Oracle

Debian

CVSS Score

4.3
