PT-2014-1215 · Oracle · Oracle Containers For J2EE, Oracle Fusion Middleware

Credit: Mikhail Firstov and one further researcher (not named on this page)

Published 2014-04-15 · Updated 2014-04-16

CVE-2014-0413

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Oracle Fusion Middleware version 10.1.3.5 (Oracle Containers for J2EE component)
Description: The issue lies in HTTP Request Handling in the Oracle Containers for J2EE (OC4J) component and allows an unauthenticated remote attacker to affect integrity (the CVSS vector scores partial integrity impact only, with no confidentiality or availability impact). The cause is insufficient checking of values written into HTTP response headers: when attacker-controlled input containing CR/LF sequences (carriage return and line feed, 0x0D 0x0A) reaches a header value, the header line is terminated early and the remainder of the input is interpreted by the client as further headers and the start of a second response (HTTP response splitting). The attacker can thereby forge an HTTP response and display arbitrary content to the victim in the context of the vulnerable application, typically after luring the victim to follow a crafted link.
Recommendations: For Oracle Fusion Middleware version 10.1.3.5, restrict network access to the OC4J HTTP listener to trusted clients until the patch is applied. As a temporary workaround at the application level, do not copy request-controlled values (query parameters, path segments, cookies, request headers) into response headers such as Location or Set-Cookie unless the value has first been checked to contain no CR (0x0D) or LF (0x0A); the check must run on the decoded value, since %0D and %0A in a URL become CR and LF after decoding. When this entry was written, no fixed version was recorded here; check Oracle's Critical Patch Update advisories for CVE-2014-0413 before relying on the workarounds alone.
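The following is an added illustration of the vulnerability class described above and of the check the recommendations call for; it is not OC4J code and does not reproduce the actual Oracle handler. It models a redirect handler that copies a request-controlled value into the Location header, the same handler with a CR/LF check in front of it, and a small Content-Length-based framing parser that shows what a client sees on the wire: one response for a benign target, two for the injected one. The `next=` parameter, the example.com targets and the attacker body are constructed for the example.

```python
"""Model of the CRLF-injection / HTTP response splitting class behind
CVE-2014-0413. Added illustration, not Oracle's code."""
from __future__ import annotations

CRLF = "\r\n"


def _render_redirect(target: str) -> bytes:
    """Builds a 302 response whose Location header is the caller-supplied
    target, copied verbatim (this is where the bug lives)."""
    return (
        f"HTTP/1.1 302 Found{CRLF}"
        f"Location: {target}{CRLF}"
        f"Content-Length: 0{CRLF}"
        f"{CRLF}"
    ).encode("latin-1")


def vulnerable_redirect(target: str) -> bytes:
    """No validation: a target containing CR/LF terminates the Location
    header early and the rest of the value is emitted as further headers
    and, if the attacker supplies one, a complete second response."""
    return _render_redirect(target)


def safe_redirect(target: str) -> bytes:
    """Refuses any value that could break out of the header line. The check
    runs on the decoded value: %0D/%0A in a query string must already have
    been URL-decoded by the time the value reaches this point."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in a header value")
    return _render_redirect(target)


def split_http_responses(stream: bytes) -> list[tuple[str, dict[str, str], bytes]]:
    """Parses a byte stream as consecutive HTTP/1.x responses framed by
    Content-Length (no chunked encoding; enough for this model). Returns one
    (status_line, headers, body) tuple per response found. A correctly built
    reply yields exactly one tuple; two or more means an injected CR/LF split
    the response the client will act on."""
    messages: list[tuple[str, dict[str, str], bytes]] = []
    pos = 0
    while True:
        # Skip stray CRLFs between messages, as lenient clients do.
        while stream.startswith(b"\r\n", pos):
            pos += 2
        if not stream.startswith(b"HTTP/", pos):
            break
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        status, *header_lines = stream[pos:head_end].decode("latin-1").split(CRLF)
        headers: dict[str, str] = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        body_len = int(headers.get("content-length", "0"))
        messages.append((status, headers, stream[body_start:body_start + body_len]))
        pos = body_start + body_len
    return messages


# Constructed attacker value: the URL-decoded form of a crafted
# ?next=http://example.com/%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK...
# parameter. It closes the real 302 response and supplies a forged 200.
ATTACKER_TARGET = (
    "http://example.com/" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: 29" + CRLF
    + CRLF
    + "<html>attacker content</html>"
)


def demo() -> dict[str, object]:
    """Runs both handlers against a benign and the constructed malicious target."""
    benign = "https://example.com/home"
    results: dict[str, object] = {
        "benign_messages": len(split_http_responses(vulnerable_redirect(benign))),
        "injected_messages": len(split_http_responses(vulnerable_redirect(ATTACKER_TARGET))),
    }
    try:
        safe_redirect(ATTACKER_TARGET)
        results["safe_rejected"] = False
    except ValueError:
        results["safe_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
    for status, _, body in split_http_responses(vulnerable_redirect(ATTACKER_TARGET)):
        print(status, body)
```

Note that the forged second response carries its own Content-Length, which is what lets the client treat the attacker's HTML as a complete message; the leftover `Content-Length: 0` trailer the handler appends after the injected value is simply ignored by a lenient parser. The rejection in `safe_redirect` is deliberately a hard failure rather than silent stripping, so the attempt surfaces in application logs; the same check belongs in front of every header-setting call, or better, in the container's header API, which is where the fix for this class sits.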

Related Identifiers

BDU:2014-00388
CVE-2014-0413

Affected Products

Oracle Containers For J2EE
Oracle Fusion Middleware