Lucene search

Veracode Vulnerability DatabaseVERACODE:45284

HistoryFeb 02, 2024 - 7:24 a.m.

Interpretation Conflict

2024-02-0207:24:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

interpretation conflict

vulnerability

headers

server

request

security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

bref/bref is vulnerable to Interpretation Conflict. The vulnerability is caused by the mishandling of headers due to the server only returning the last header if multiple headers are included in a request. If the application relies on multiple headers with the same key being set for security reasons, an attacker can lower the security of the request.

References

github.com/brefphp/bref/commit/f834027aaf88b3885f4aa8edf6944ae920daf2dc

github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for VERACODE:45284