Lucene search
HistoryNov 29, 2009 - 1:07 p.m.
CVE-2009-4086
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.008
Percentile
81.4%
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
javascriptxerver_http_serverMatch4.31
ORjavascriptxerver_http_serverMatch4.32
| Vendor | Product | Version | CPE |
|---|---|---|---|
| javascript | xerver_http_server | 4.31 | cpe:2.3:a:javascript:xerver_http_server:4.31:*:*:*:*:*:*:* |
| javascript | xerver_http_server | 4.32 | cpe:2.3:a:javascript:xerver_http_server:4.32:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Xerver 4.31/4.32 - HTTP Response Splitting
2009-11-18 00:00:00
prion
prion
Crlf injection
2009-11-29 13:07:00
cvelist
cvelist
CVE-2009-4086
2009-11-27 20:45:00
nessus
nessus
Xerver HTTP Response Splitting
2009-11-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Xerver HTTP CRLF Injection Response Splitting (CVE-2009-4086)
2011-06-28 00:00:00
openvas
openvas
Xerver HTTP Response Splitting Vulnerability
2009-11-20 00:00:00
Xerver <= 4.32 HTTP Response Splitting Vulnerability
2009-11-20 00:00:00
cve
cve
CVE-2009-4086
2009-11-29 13:07:34
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.008
Percentile
81.4%
Related for NVD:CVE-2009-4086