Problem Note 71059: SASĀ® Fraud Management contains vulnerabilities that allow improper neutralization of CRLF sequences in HTTP headers
 |  |  |  |  |
Severity: Medium
Description: SAS Fraud Management contains vulnerabilities that allow improper neutralization of CRLF sequences in HTTP headers.
Potential Impact: Malicious input that contains CRLF might be used to split the HTTP response into two responses. The second response can be controlled by the attacker and might be used for a cross-site scripting or a cache poisoning attack.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Fraud Management | Linux for x64 | 6.1 | 9.4 TS1M6 | ||
A fix for this issue for SAS Fraud Management 6.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F6R.html#71059| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2024-12-10 11:17:51 |
| Date Created: | 2024-11-19 11:58:53 |