CVE-2019-4396

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. (CVSS: 3.5) (Last Update: 2020-08-24)

October 24th, 2019 | HTTP Response Splitting

CVE-2019-4461

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. (CVSS: 3.5) (Last Update: 2020-08-24)

October 24th, 2019 | HTTP Response Splitting

CVE-2019-17513

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. (CVSS: 5.0) (Last Update: 2020-08-24)

October 17th, 2019 | HTTP Response Splitting

CVE-2019-15259

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits. (CVSS: 4.3) (Last Update: 2020-10-16)

October 1st, 2019 | HTTP Response Splitting