Xerver HTTP Response Splitting

Medium (Nessus Plugin ID 42896)

Synopsis

The remote web server has an HTTP response splitting vulnerability.

Description

The version of Xerver running on the remote host has an HTTP response splitting vulnerability due to its failure to sanitize specially encoded carriage return and newline characters. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the injection of HTTP headers, HTML, or script code.

Solution

There is no known solution at this time.

See Also

http://www.exploit-db.com/exploits/10170

Plugin Details

Severity: Medium

ID: 42896

File Name: xerver_http_response_splitting.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 11/25/2009

Updated: 8/7/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/18/2009

Reference Information

CVE: CVE-2009-4086

BID: 37064

CWE: 20

Secunia: 36681