[Original text] Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form.
Hitachi Business Logic Container (BLC) Unspecified Input Form HTTP Response Splitting
Remote / Network Access
Loss of Integrity
Business Logic Container contains a flaw that allows HTTP response splitting. The flaw exists because the application does not validate parameters submitted to unspecified forms. This could allow a user to create a specially crafted URL that would influence or misrepresent how Web content is served, cached or interpreted, leading to a loss of integrity.
For BLC on Windows, upgrade to version 3-00 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
For BLC on AIX, Hitachi requires users to contact their support service.
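The missing parameter validation described above, shown next to the check that closes it. This is an added example, not Hitachi code and not part of the original advisory: the affected form and header are unspecified, so a redirect that copies a form parameter into `Location` is assumed, and every name and the sample query are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# C0 controls except horizontal tab, plus DEL. CR and LF are the ones that
# end a header line; the rest have no place in a header value either.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


class HeaderInjectionError(ValueError):
    """Raised when a value destined for a response header holds controls."""


def form_value(query: str, name: str = "next") -> str:
    # Percent-decoding happens here, as it does inside a web framework, so
    # "%0d%0a" reaches the application as a real CR LF pair.
    return parse_qs(query, keep_blank_values=True)[name][0]


def build_redirect_naive(location: str) -> str:
    # The flaw class from the advisory: the parameter goes into the
    # response header without validation.
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\nContent-Length: 0\r\n\r\n"


def safe_header_value(value: str) -> str:
    # Check the decoded value and reject it outright; stripping characters
    # would silently turn a malformed request into a different valid one.
    if _FORBIDDEN.search(value):
        raise HeaderInjectionError("control character in header value")
    return value


def build_redirect_checked(location: str) -> str:
    return build_redirect_naive(safe_header_value(location))


def header_lines(raw: str) -> list[str]:
    # Header lines as a client or cache would parse them (status line dropped).
    return raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]


# Constructed sample input, not taken from the advisory.
CONSTRUCTED_QUERY = "next=/home%0d%0aX-Injected:%201"

if __name__ == "__main__":
    crafted = form_value(CONSTRUCTED_QUERY)
    print(header_lines(build_redirect_naive(crafted)))
    try:
        build_redirect_checked(crafted)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The naive builder emits three header lines for the constructed input where the application intended two; the checked builder refuses the value before any header is written.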