Lucene search

Veracode Vulnerability DatabaseVERACODE:12118

HistoryJan 15, 2019 - 9:12 a.m.

HTTP Header Injection

2019-01-1509:12:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.018 Low

EPSS

Percentile

88.3%

JSON

net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling.

CPENameOperatorVersion
golangeq1.4.2__9.el7

CPE	Name	Operator	Version
	golang	eq	1.4.2__9.el7

References

access.redhat.com/security/cve/CVE-2015-5739

access.redhat.com/security/cve/CVE-2015-5740

access.redhat.com/security/cve/CVE-2015-5741

access.redhat.com/security/cve/CVE-2016-3959

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1346331

rhn.redhat.com/errata/RHSA-2016-1538.html

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for VERACODE:12118