Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-4086
Last Modified 12 Dec 2011 12:00:00
Published 29 Nov 2009 08:07:34
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-4086

Summary

CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Javascript Xerver 4.32

  • Javascript Xerver Http Server 4.31

  • Javascript Xerver Http Server 4.32


References

XF - xerver-response-splitting(54356)

BID - 37064

SECUNIA - 36681

MISC - http://packetstormsecurity.org/0911-exploits/xerver-split.txt


Last Updated: 27 May 2016 10:57:51