CVE-2019-19326
published 2020-07-15CVE-2019-19326: Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache…
PriorityP427medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
0.76%
50.6th percentile
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | framework | >= 3.0.0 < 3.7.5 | 3.7.5 |
| silverstripe | framework | >= 4.0.0 < 4.4.7 | 4.4.7 |
| silverstripe | framework | >= 4.5.0 < 4.5.4 | 4.5.4 |
| silverstripe | silverstripe | >= 3.0.0 < 3.7.5 | 3.7.5 |
| silverstripe | silverstripe | >= 4.0.0 < 4.4.7 | 4.4.7 |
| silverstripe | silverstripe | >= 4.5.0 < 4.5.4 | 4.5.4 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
ghsa·2022-05-24
CVE-2019-19326 [MEDIUM] CWE-444 SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.
OSV
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
osv·2022-05-24
CVE-2019-19326 [MEDIUM] SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-15
Published