Description
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.
Affected Software
Related
{"id": "CVE-2020-11709", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-11709", "description": "cpp-httplib through 0.5.8 does not filter \\r\\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.", "published": "2020-04-12T14:15:00", "modified": "2020-04-13T16:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11709", "reporter": "cve@mitre.org", "references": ["https://github.com/yhirose/cpp-httplib/issues/425", "https://gist.github.com/shouc/a9330df817128bc4c4132abf3de09495"], "cvelist": ["CVE-2020-11709"], "immutableFields": [], "lastseen": "2022-03-23T12:21:14", "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2020-11709"]}], "rev": 4}, "score": {"value": 1.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2020-11709"]}]}, "exploitation": null, "vulnersScore": 1.4}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:cpp-httplib_project:cpp-httplib:0.5.8"], "cpe23": ["cpe:2.3:a:cpp-httplib_project:cpp-httplib:0.5.8:*:*:*:*:*:*:*"], "cwe": ["CWE-74"], "affectedSoftware": [{"cpeName": "cpp-httplib_project:cpp-httplib", "version": "0.5.8", "operator": "le", "name": "cpp-httplib project cpp-httplib"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cpp-httplib_project:cpp-httplib:0.5.8:*:*:*:*:*:*:*", "versionEndIncluding": "0.5.8", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/yhirose/cpp-httplib/issues/425", "name": "https://github.com/yhirose/cpp-httplib/issues/425", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://gist.github.com/shouc/a9330df817128bc4c4132abf3de09495", "name": "https://gist.github.com/shouc/a9330df817128bc4c4132abf3de09495", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
{"ubuntucve": [{"lastseen": "2022-01-21T20:26:58", "description": "cpp-httplib through 0.5.8 does not filter \\r\\n in parameters passed into\nthe set_redirect and set_header functions, which creates possibilities for\nCRLF injection and HTTP response splitting in some specific contexts.\n\n#### Bugs\n\n * <https://github.com/yhirose/cpp-httplib/issues/425>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[amurray](<https://launchpad.net/~amurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap cpp-httplib doesn't look to be built in the Ubuntu chromium-browser packages, marking as not-affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11709", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11709"], "modified": "2020-04-12T00:00:00", "id": "UB:CVE-2020-11709", "href": "https://ubuntu.com/security/CVE-2020-11709", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "gitlab": [{"lastseen": "2022-06-09T23:04:39", "description": "cpp-httplib does not filter `\\r\\n` in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-12T00:00:00", "type": "gitlab", "title": "Injection Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11709"], "modified": "2020-04-12T00:00:00", "id": "GITLAB-51BBC3DF97F6D1750DA9384A1563ED27", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/conan%2Fcpp-httplib%2FCVE-2020-11709.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
CVE-2020-11709
