JVN#15243167
Problem with referer header handling on mobile phone web browsers
Overview
We have confirmed that web browser products from Openwave Systems Inc., used for the Internet connection service for mobile phones, have a problem in their function of sending referer information under certain circumstances.
This problem has been reported for KDDI's au mobile phones. KDDI regards this problem as a defect that leads to behavior inconsistent with the RFC 2616 specification and provides countermeasure information. JVN has published this issue in coordination with vendors to make it known to users.
Products Affected
- For more information, refer to the vendors' websites.
Description
Impact
Referer information may be unintentionally sent to a server under certain operating conditions.
Solution
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
Vodafone K.K. | Not Vulnerable | 2005/12/09 | |
KDDI CORPORATION | Vulnerable | 2005/12/09 | |
References
JPCERT/CC Addendum
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia | JVNDB-2005-000799 |