CVE-2023-26147

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gist.github.com/dellalibera/2be265b56b7b3b00de1a777b9dec0c7b	Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730768	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ithewei:libhv:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-29 05:15

Updated : 2023-11-07 04:09

NVD link : CVE-2023-26147

Mitre link : CVE-2023-26147

CVE.ORG link : CVE-2023-26147

JSON object : View

Products Affected

ithewei

libhv

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

{"id": "CVE-2023-26147", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-09-29T05:15:46.630", "references": [{"url": "https://gist.github.com/dellalibera/2be265b56b7b3b00de1a777b9dec0c7b", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730768", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-113"}]}], "descriptions": [{"lang": "en", "value": "All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability."}, {"lang": "es", "value": "Todas las versiones del paquete ithewei/libhv son vulnerables a la divisi\u00f3n de respuesta HTTP cuando se utilizan entradas de usuarios que no son de confianza para construir los valores de las cabeceras. Un atacante puede agregar los caracteres \\r\\n (avances de l\u00ednea de retorno de carro) al final de las cabeceras de respuesta HTTP e inyectar contenido malicioso, como por ejemplo cabeceras adicionales o un nuevo cuerpo de respuesta, lo que genera una posible vulnerabilidad XSS."}], "lastModified": "2023-11-07T04:09:28.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ithewei:libhv:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02035540-1A6E-46F6-A215-8ADBE8A24F04"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}