CVE-2017-7443 — HTTP Request/Response Splitting in Project Apt-cacher-ng

CWE-113 — HTTP Request/Response Splitting7 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 52.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apt-cacher-ng Project Apt-cacher-ng Apt-cacher Project Apt-cacher

Timeline

PublishedApr 5

Latest updateMay 17

Description

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶Debianapt-cacher_project/apt-cacher< 1.7.15+3

▶Debianapt-cacher-ng_project/apt-cacher-ng< 3-1+3

▶NVDapt-cacher_project/apt-cacher1.7.13

▶NVDapt-cacher-ng_project/apt-cacher-ng3.3

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-w6gh-25j9-8fm4: apt-cacher before 1↗2022-05-17

▶

OSV

CVE-2017-7443: apt-cacher before 1↗2017-04-05

▶

CVEList

CVE-2017-7443: apt-cacher before 1↗2017-04-05

▶

📋Vendor Advisories

Debian

CVE-2017-7443: apt-cacher - apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitt...↗2017

▶

💬Community

Bugzilla

CVE-2017-7443 apt-cacher-ng: HTTP response splitting↗2017-04-06

▶

Bugzilla

CVE-2017-7443 apt-cacher-ng: HTTP response splitting [fedora-all]↗2017-04-06

▶