This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote web server has an HTTP response splitting vulnerability.
The version of Xerver running on the remote host has an HTTP response
splitting vulnerability due to its failure to sanitize specially
encoded carriage return and newline characters. A remote attacker
could exploit this by tricking a user into requesting a maliciously
crafted URL, resulting in the injection of HTTP headers, HTML, or
See also :
There is no known solution at this time.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 42896 ()
Bugtraq ID: 37064
CVE ID: CVE-2009-4086
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.