[原文]Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A remote attacker may exploit any of these vulnerabilities to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
No exploit is required.
The following proof of concept URI are available: http://www.example.com/index.php?action=buy_now&products_id=22%0d%0atest:%20poison%20headers! http://www.example.com/index.php?action=cust_order&pid=2%0d%0atest:%20poison%20headers!
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.