Security bulletins/2014-002

This bulletin has been assigned the CVE identifier CVE-2014-2017.
CVSS score: 4.1
Released: March 11th, 2014

The following issue has been identified:

= Synopsis =

An HTTP response splitting vulnerability has been found in OXID eShop, all editions, all previous versions.

= State =

Resolved in OXID eShop version 4.7.11/5.0.11 and OXID eShop version 4.8.4/5.1.4.

= Impact =

Under certain circumstances (depending on the browser, OS and PHP version), an attacker can trick a user into entering a specially crafted URI or clicking on a malformed link to exploit an HTTP response splitting vulnerability. In theory this can be used to poison caches, gain unauthorized access to a user account or collect sensitive information about that user.

A possible exploit by passing such a malformed URI could lead to:
 * return of a blank page or a PHP error (depending on one's server configuration)
 * setting unsolicited browser cookies

= Affected products, releases and platforms =

Products:

 * OXID eShop Enterprise Edition
 * OXID eShop Professional Edition
 * OXID eShop Community Edition

Releases:

 * All previous releases

Platforms:

 * All releases are affected on all platforms.

= Resolution =

The issue has been addressed in the following releases:

 * OXID eShop Professional Edition version 4.7.11 and 4.8.4
 * OXID eShop Enterprise Edition version 5.0.11 and 5.1.4
 * OXID eShop Community Edition version 4.7.11 and 4.8.4

Bug tracker entry: https://bugs.oxid-esales.com/view.php?id=5635

For OXID eShops >= version 5.0 (EE) and 4.7 (PE, CE)
1. Please find the method oxConfig::checkParamSpecialChars around line 821 in core/oxconfig.php

Replace the lines

with

2. and the method oxHeader::setHeader around line 25 in core/oxheader.php

Replace the line

with

3. and the method oxUtils::_simpleRedirect around line 1045 in core/oxutils.php

Replace the lines

with

For OXID eShop < 5.0 (EE) and 4.7 (PE, CE)
1. Please find the method oxConfig::checkSpecialChars around line 755 in core/oxconfig.php

Replace the lines

with

2. In core/oxutils.php, add a new method to the class

3. and the method oxUtils::_simpleRedirect around line 1045 in core/oxutils.php

Replace the lines

with
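One way to guard a redirect against the response splitting described above, as an added example written for this bulletin and not taken from the OXID patch itself (the helper names isSafeHeaderValue(), buildLocationHeader() and safeRedirect() are hypothetical, and PHP 7.1+ is assumed): reject any header value that, raw or after URL decoding, contains CR, LF or NUL, and fall back to a fixed location instead of emitting it.

```php
<?php
// Added example, not the OXID patch. Hypothetical helper names:
// isSafeHeaderValue(), buildLocationHeader(), safeRedirect().

/**
 * True only if $value can be emitted as a single HTTP header value.
 * The raw value and its URL-decoded forms are all checked, because a
 * redirect target is typically built from a request parameter that may
 * arrive percent-encoded (%0d%0a) or, on some setups, already decoded.
 */
function isSafeHeaderValue(string $value): bool
{
    foreach ([$value, rawurldecode($value), urldecode($value)] as $candidate) {
        // CR, LF and NUL never belong inside a header value; any of them
        // lets the rest of the string start a new header line or the body.
        if (preg_match('/[\r\n\0]/', $candidate) === 1) {
            return false;
        }
    }
    return true;
}

/**
 * Build the Location header line, or return null when the target is unsafe.
 * Kept separate from header() so it can be tested without sending output.
 */
function buildLocationHeader(string $target): ?string
{
    return isSafeHeaderValue($target) ? 'Location: ' . $target : null;
}

/**
 * Redirect to $target, falling back to a fixed URL when $target could
 * split the response. Assumes $fallback itself is trustworthy.
 */
function safeRedirect(string $target, string $fallback = 'index.php'): void
{
    $line = buildLocationHeader($target) ?? buildLocationHeader($fallback);
    header($line, true, 302);
    exit;
}

// Constructed sample input: a redirect parameter carrying an encoded CRLF
// pair followed by a header line that should never reach the response.
$crafted = 'index.php?cl=start%0d%0aX-Injected:%201';
$clean   = 'index.php?cl=start&fnc=show';
var_dump(buildLocationHeader($crafted), buildLocationHeader($clean));
```

The crafted value yields null and the clean value yields a single Location line; the same check belongs in front of every place a request parameter is copied into a header, not only the redirect path.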

= Credits =

Many thanks to Heiko Frenzel for the hint!

= Stay up-to-date =

To receive upcoming OXID Security Bulletins, please subscribe to the mailing lists or the Announcement forum.

= How to report security issues =

Learn how to report security issues in the Security overview page.