Xerver HTTP Response Splitting

Medium Nessus Plugin ID 42896


The remote web server has an HTTP response splitting vulnerability.


The version of Xerver running on the remote host has an HTTP response splitting vulnerability due to its failure to sanitize specially encoded carriage return and newline characters. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the injection of HTTP headers, HTML, or script code.


There is no known solution at this time.



Plugin Details

Severity: Medium

ID: 42896

File Name: xerver_http_response_splitting.nasl

Version: $Revision: 1.10 $

Type: remote

Family: Web Servers

Published: 2009/11/25

Modified: 2016/05/04

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2009/11/18

Reference Information

CVE: CVE-2009-4086

BID: 37064

OSVDB: 60657

Secunia: 36681

CWE: 20