vendor:
Xerver
by:
SecureState R&D Team - sasquatch
8.8
CVSS
HIGH
HTTP Response Splitting
113
CWE
Product Name: Xerver
Affected Version From: 4.31
Affected Version To: 4.32
Patch Exists: YES
Related CWE: N/A
CPE: a:xerver:xerver:4.31
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win32
2008
Xerver 4.31, 4.32 HTTP Response Splitting
Xerver 4.31 and 4.32 are vulnerable to HTTP Response Splitting attacks. An attacker can inject malicious content into the response header by sending a specially crafted HTTP request. This can be used to perform various attacks such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The proof of concept for this vulnerability is a specially crafted HTTP request containing a malicious payload in the response header.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in the response header.