The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IE, Firefox: request splitting via a Digest authentication

Synthesis of the vulnerability 

An attacker can create a malicious web site in order to force web browsers of users behind a proxy to inject a new HTTP query.
Impacted systems: IE, Firefox.
Severity of this alert: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/04/2007.
Références of this alert: BID-23668, CVE-2007-2291, CVE-2007-2292, VIGILANCE-VUL-6767.

Description of the vulnerability 

When HTTP Digest authentication is activated on a web server, it returns to client:
  HTTP/1.1 401 Unauthorized
  WWW-Authenticate: Digest
     realm="realm@server" ...
The web browser then asks user for his login and password, then replies back with:
  Authorization: Digest username="my_user_name",
     realm="realm@server" ...

However, web browsers do not filter line feeds contained in user name. Following uri thus permits to inject line feeds in a HTTP query:

Consequences of this attack depends on context. For example, when user is behind a proxy, this proxy can send two different queries.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability alert impacts software or systems such as IE, Firefox.

Our Vigil@nce team determined that the severity of this computer threat alert is low.

The trust level is of type confirmed by a trusted third party, with an origin of internet server.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this security vulnerability.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability announce. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.