HTTP Response Splitting

2024-04-1021:30:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

http response splitting

apache

backend injection

desynchronization attack

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization attack.

CPENameOperatorVersion
apache2:3.16eq2.4.56-r0
apache2:3.16eq2.4.53-r0
apache2:3.16eq2.4.55-r0
apache2:3.16eq2.4.54-r0
apache2:3.16eq2.4.58-r0
apache2:3.17eq2.4.56-r0
apache2:3.17eq2.4.57-r0
apache2:3.17eq2.4.55-r0
apache2:3.17eq2.4.54-r1
apache2:3.17eq2.4.58-r0

Name	Operator	Version
apache2:3.16	eq	2.4.56-r0
apache2:3.16	eq	2.4.53-r0
apache2:3.16	eq	2.4.55-r0
apache2:3.16	eq	2.4.54-r0
apache2:3.16	eq	2.4.58-r0
apache2:3.17	eq	2.4.56-r0
apache2:3.17	eq	2.4.57-r0
apache2:3.17	eq	2.4.55-r0
apache2:3.17	eq	2.4.54-r1
apache2:3.17	eq	2.4.58-r0