Published: 2005/12/09  Last Updated: 2008/05/21

JVN#15243167
Problem with referer header handling on mobile phone web browsers

Overview

We have confirmed that web browser products from Openwave Systems Inc., used for the Internet connection service for mobile phones, have a problem in their function for sending referer information under certain circumstances.

This problem has been reported for KDDI's au mobile phones. KDDI regards this problem as a defect that leads to behavior inconsistent with the specification in RFC2616 and provides countermeasure information. JVN has publicized this issue in coordination with vendors to make it known to users.

Products Affected

  • For more information, refer to the vendors' websites.

Description

Impact

Referer information may be unintentionally sent to a server under certain operating conditions.

Solution

Vendor Status

Vendor              Status          Last Update   Vendor Notes
Vodafone K.K.       Not Vulnerable  2005/12/09
KDDI CORPORATION    Vulnerable      2005/12/09

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000799

Update History