CVE-2009-1357
Sun Java System Delegated Administrator 6.2-6.4 - HTTP Response Splitting via HELP_PAGE Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-1357. PoCs published by SCS team.
AI-analyzed exploit summary: This exploit demonstrates an HTTP response-splitting vulnerability in Sun Java System Delegated Administrator by injecting CRLF sequences into the `HELP_PAGE` parameter, allowing attackers to manipulate HTTP headers and potentially misrepresent web content.
Description
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
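For detection, the check below flags access-log entries where the `HELP_PAGE` parameter of `da/DA/Login` decodes to a carriage return or line feed. It is an added example, not code from this page or from the published PoC; it assumes a common/combined-format access log with the parameter in the query string, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')  # logged request line
TARGET_PATH = "/da/DA/Login"   # endpoint named in the CVE description
TARGET_PARAM = "HELP_PAGE"     # parameter named in the CVE description
MAX_DECODE_ROUNDS = 3          # assumption: enough to unwrap nested percent-encoding


def decode_fully(value: str) -> str:
    """Percent-decode repeatedly so nested encodings such as %250d are unwrapped."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_crlf_in_help_page(log_line: str) -> bool:
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    parts = urlsplit(match.group("target"))
    if not parts.path.rstrip("/").endswith(TARGET_PATH):
        return False
    # Split the raw query by hand: parse_qs would decode only one layer.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote(name) == TARGET_PARAM and re.search(r"[\r\n]", decode_fully(raw)):
            return True
    return False


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2009:10:00:00 +0000] "GET /da/DA/Login?HELP_PAGE=/help/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/May/2009:10:00:05 +0000] "GET /da/DA/Login?HELP_PAGE=/help/%0d%0aX-Constructed:%201 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/May/2009:10:00:09 +0000] "GET /da/DA/Login?HELP_PAGE=/help/%250AX-Constructed:%201 HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/May/2009:10:00:12 +0000] "GET /other/page?HELP_PAGE=%0d%0a HTTP/1.1" 404 0',
]


def flagged(lines):
    return [line for line in lines if has_crlf_in_help_page(line)]


if __name__ == "__main__":
    for line in flagged(SAMPLE_LOG):
        print("SUSPICIOUS:", line)
```

Requests that carry the parameter in a POST body do not appear in the request line, so they need the same check applied at a proxy or application layer that sees the body.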