Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2009-4086
Last Modified: 12 Dec 2011 12:00:00
Published: 29 Nov 2009 08:07:34
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.

Vulnerable Systems


  • Javascript Xerver 4.32

  • Javascript Xerver Http Server 4.31

  • Javascript Xerver Http Server 4.32


XF - xerver-response-splitting(54356)

BID - 37064

SECUNIA - 36681


Last Updated: 27 May 2016 10:57:51