HTTP Response Splitting

From: Joxean Koret (joxeankoret@yahoo.es)
Date: Sat Oct 09 2004 - 11:44:37 EDT

Next message: Max Moser: "New auditor security collection 081004-01 released"
Previous message: Chuck Fullerton: "RE: Penetration testing scope/outline"
Next in thread: Justin Pincar: "Re: HTTP Response Splitting"
Reply: Justin Pincar: "Re: HTTP Response Splitting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Hi!

I have a problem trying to test a vulnerability in a
PHP application. The app. is vulnerable to an HTTP
Response Splitting attack under Windows 2000 +
IIS Web Server with IE 6 Browser but this doesn't
work with Apache 2.0.40 + GNU/Linux and
Konqueror.

The HTTP Response Splitting attacks only works
with IIS Web Servers? Or this doesn't work ONLY
with Apache web servers?

Thanks

------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------

Next message: Max Moser: "New auditor security collection 081004-01 released"
Previous message: Chuck Fullerton: "RE: Penetration testing scope/outline"
Next in thread: Justin Pincar: "Re: HTTP Response Splitting"
Reply: Justin Pincar: "Re: HTTP Response Splitting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:07 EDT