Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html

Date:
04-Apr-2017

Product:
Computer Associates (Layer7) API Gateway

Versions affected:
v7, v8, v9

Vulnerabilities:

1) CRLF Response Splitting

https://[target]:8443/test%0d%0a<h1>string?wsdl

Parameters uri=’/test
<h1>string’ did not resolve to any service….
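A defensive sketch of the reflection shown above, added here as an example and not taken from the advisory or from the vendor's code: it models an error message that echoes the decoded request path, then shows a check for CR/LF in the path and a hardened form that neutralises control characters and HTML-encodes the value. The function names and the sample paths are assumptions; the message wording is modelled on the response quoted above.

```python
import html
import re
from urllib.parse import unquote

# CR, LF and the other C0 control characters (plus DEL) must never be
# reflected into a response header or an error body.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def decode_fully(raw_path, max_rounds=3):
    """Percent-decode repeatedly so nested encodings that a single pass
    would miss (e.g. %250d%250a) are normalised before inspection."""
    current = raw_path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def has_crlf_injection(raw_path):
    """Detection check: True when the decoded path carries control characters."""
    return bool(_CTRL.search(decode_fully(raw_path)))


def unsafe_error(raw_path):
    """Hypothetical model of the quoted response: decoded URI reflected as-is."""
    return "Parameters uri='%s' did not resolve to any service" % unquote(raw_path)


def safe_error(raw_path):
    """Hardened form: replace control characters, then HTML-encode the value."""
    visible = _CTRL.sub("?", decode_fully(raw_path))
    return "Parameters uri='%s' did not resolve to any service" % html.escape(visible, quote=True)


# Constructed sample request paths (no host), for illustration only.
SAMPLES = [
    "/test%0d%0a<h1>string",      # the pattern shown in the advisory
    "/test%250d%250a<h1>string",  # same path with nested encoding
    "/orders/v1",                 # benign path
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(has_crlf_injection(path), repr(safe_error(path)))
```

The same `has_crlf_injection` check can be run over the request-path field of gateway access logs to flag requests of this shape.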
