Forum OpenACS Q&A: Re: HTTP Response Splitting Attacks

Collapse
2: Re: HTTP Response Splitting Attacks (response to 1)
Posted by Dave Bauer on 07/14/09 01:44 PM
Brian,

Is there any way you can make this change and test it with the security test you client conducted?

I have had several clients use security audits and haven't seen this issue reported before. The audit your client had done must be newer.

Collapse
3: Re: HTTP Response Splitting Attacks (response to 2)
Posted by Brian Fenton on 07/14/09 01:53 PM
Hi Dave,

The problem is that this is an old OpenACS install (version 4.5), so I was wondering whether the issue may be resolved in more recent versions.

If I don't get any more replies, I'll implement Carsten's recommendations, and we'll see if that resolves the issue. But it would be good to hear other's experiences.

thanks
Brian