Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46346

HistoryApr 10, 2024 - 9:30 p.m.

HTTP Response Splitting

2024-04-1021:30:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

http response splitting

apache

backend injection

desynchronization attack

AI Score

7.3

Confidence

High

EPSS

0

Percentile

13.0%

Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization attack.

References

seclists.org/fulldisclosure/2024/Jul/18

www.openwall.com/lists/oss-security/2024/04/04/5

httpd.apache.org/security/vulnerabilities_24.html

lists.debian.org/debian-lts-announce/2024/05/msg00013.html

lists.debian.org/debian-lts-announce/2024/05/msg00014.html

lists.fedoraproject.org/archives/list/[email protected]/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

lists.fedoraproject.org/archives/list/[email protected]/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

lists.fedoraproject.org/archives/list/[email protected]/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.16/main.yaml

secdb.alpinelinux.org/v3.17/main.yaml

secdb.alpinelinux.org/v3.18/main.yaml

secdb.alpinelinux.org/v3.19/main.yaml

security.netapp.com/advisory/ntap-20240415-0013/

support.apple.com/kb/HT214119

AI Score

7.3

Confidence

High

EPSS

0

Percentile

13.0%

Related for VERACODE:46346

ubuntucve1 cbl_mariner2 nvd1 nessus42 redhatcve1 alpinelinux1 osv9 cve1 debian3 f51 debiancve1 vulnrichment1 cvelist1 openvas34 fedora3 ibm9 redos1 amazon1 ubuntu3 slackware1 kaspersky1 freebsd1 mageia1 apple1 oracle1