CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.
Comersus Cart is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks that try to lull client users into a false sense of trust.
This issue was identified in Comersus Shopping Cart 5.0991; however, other versions may be affected as well.
Comersus ASP Shopping Cart redirecturl HTTP Response Splitting
Remote / Network Access
Loss of Integrity
Comersus Shopping Cart contains a flaw that may allow a malicious user to conduct an HTTP response splitting attack. The issue is triggered when a malicious user submits a specially crafted URL to the 'redirecturl' parameter. It is possible that the flaw may allow a remote attacker to display arbitrary content on the server, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
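With no fix listed, one way to watch for attempts is to scan web server access logs for redirecturl values that decode to a carriage return or line feed. The following is an added example, not part of the original advisory or of Comersus code; the log format, the sample lines, the placeholder script path and the decode-round limit are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

PARAM = "redirecturl"      # parameter named in the advisory
MAX_DECODE_ROUNDS = 3      # assumption: enough to unwrap double/triple percent-encoding
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value):
    """Percent-decode repeatedly so %250d%250a is treated like %0d%0a."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_crlf(value):
    """True if the value contains CR or LF after decoding."""
    decoded = fully_decode(value)
    return "\r" in decoded or "\n" in decoded

def suspicious_requests(log_lines):
    """Return (line_number, raw_value) for each redirecturl value carrying CR or LF."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # Split by hand so the raw, still-encoded value is kept for the report.
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            if name.lower() == PARAM and has_crlf(raw):
                hits.append((number, raw))
    return hits

# Constructed sample log lines; the script path is a placeholder, not a real Comersus file.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2005:10:00:00 +0000] "GET /store/PLACEHOLDER.asp?redirecturl=checkout.asp HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2005:10:00:05 +0000] "GET /store/PLACEHOLDER.asp?redirecturl=a.asp%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2005:10:00:09 +0000] "GET /store/PLACEHOLDER.asp?redirecturl=a.asp%250D%250AX-Injected:%201 HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2005:10:00:12 +0000] "GET /store/PLACEHOLDER.asp?other=%0d%0a HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, raw in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={raw}")
```

The same has_crlf check can be applied to the parameter before it is used in a redirect, rejecting the request instead of logging it.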