CVE-2009-4086

Опубликовано: 29 нояб. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.

Ссылки

http://packetstormsecurity.org/0911-exploits/xerver-split.txt
Exploit
http://secunia.com/advisories/36681
Vendor Advisory
http://www.securityfocus.com/bid/37064
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/54356
http://packetstormsecurity.org/0911-exploits/xerver-split.txt
Exploit
http://secunia.com/advisories/36681
Vendor Advisory
http://www.securityfocus.com/bid/37064
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/54356

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:javascript:xerver_http_server:4.31:*:*:*:*:*:*:*

cpe:2.3:a:javascript:xerver_http_server:4.32:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.025

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-2wh9-mjfj-9cc7

github

почти 4 года назад