Crlf injection

2019-09-1317:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

34.0%

JSON

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.

CPENameOperatorVersion
arubaoslt6.4.4.20
arubaosge6.5.4.0
arubaoslt6.5.4.11
arubaosge6.5.4.12
arubaoslt8.2.1.0
arubaosge8.2.1.1
arubaoslt8.3.0.0

Name	Operator	Version
arubaos	lt	6.4.4.20
arubaos	ge	6.5.4.0
arubaos	lt	6.5.4.11
arubaos	ge	6.5.4.12
arubaos	lt	8.2.1.0
arubaos	ge	8.2.1.1
arubaos	lt	8.3.0.0

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for PRION:CVE-2019-5314