Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.


HTTP Response Splitting in WSO2 transport-http

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.

Permalink: https://github.com/advisories/GHSA-rvpc-w57p-q95f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2cGMtdzU3cC1xOTVm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Identifiers: GHSA-rvpc-w57p-q95f, CVE-2019-10797
References:
Blast Radius: 11.2

Affected Packages

maven:org.wso2.transport.http:org.wso2.transport.http.netty
Dependent packages: 31
Dependent repositories: 52
Downloads:
Affected Version Ranges: < 6.3.1
Fixed in: 6.3.1
All affected versions: 6.0.50, 6.0.51, 6.0.52, 6.0.53, 6.0.54, 6.0.55, 6.0.56, 6.0.57, 6.0.58, 6.0.59, 6.0.60, 6.0.61, 6.0.62, 6.0.63, 6.0.64, 6.0.65, 6.0.66, 6.0.67, 6.0.68, 6.0.69, 6.0.70, 6.0.71, 6.0.72, 6.0.73, 6.0.74, 6.0.75, 6.0.76, 6.0.77, 6.0.78, 6.0.79, 6.0.80, 6.0.81, 6.0.82, 6.0.85, 6.0.86, 6.0.87, 6.0.88, 6.0.89, 6.0.90, 6.0.91, 6.0.92, 6.0.93, 6.0.94, 6.0.95, 6.0.96, 6.0.97, 6.0.98, 6.0.99, 6.0.100, 6.0.101, 6.0.102, 6.0.103, 6.0.104, 6.0.105, 6.0.106, 6.0.107, 6.0.108, 6.0.109, 6.0.110, 6.0.111, 6.0.112, 6.0.113, 6.0.114, 6.0.115, 6.0.116, 6.0.117, 6.0.118, 6.0.119, 6.0.120, 6.0.121, 6.0.122, 6.0.123, 6.0.124, 6.0.125, 6.0.126, 6.0.127, 6.0.128, 6.0.129, 6.0.130, 6.0.131, 6.0.132, 6.0.133, 6.0.134, 6.0.135, 6.0.136, 6.0.137, 6.0.138, 6.0.139, 6.0.140, 6.0.141, 6.0.142, 6.0.143, 6.0.144, 6.0.145, 6.0.146, 6.0.147, 6.0.148, 6.0.149, 6.0.150, 6.0.151, 6.0.152, 6.0.153, 6.0.154, 6.0.155, 6.0.156, 6.0.157, 6.0.158, 6.0.159, 6.0.160, 6.0.161, 6.0.162, 6.0.163, 6.0.165, 6.0.166, 6.0.167, 6.0.168, 6.0.169, 6.0.170, 6.0.171, 6.0.172, 6.0.173, 6.0.174, 6.0.175, 6.0.176, 6.0.177, 6.0.178, 6.0.179, 6.0.180, 6.0.181, 6.0.182, 6.0.183, 6.0.184, 6.0.185, 6.0.186, 6.0.187, 6.0.188, 6.0.189, 6.0.190, 6.0.191, 6.0.192, 6.0.193, 6.0.194, 6.0.195, 6.0.196, 6.0.197, 6.0.198, 6.0.199, 6.0.200, 6.0.201, 6.0.202, 6.0.203, 6.0.204, 6.0.205, 6.0.206, 6.0.207, 6.0.208, 6.0.209, 6.0.210, 6.0.211, 6.0.212, 6.0.213, 6.0.214, 6.0.215, 6.0.216, 6.0.217, 6.0.218, 6.0.219, 6.0.220, 6.0.221, 6.0.222, 6.0.223, 6.0.224, 6.0.225, 6.0.226, 6.0.227, 6.0.228, 6.0.229, 6.0.230, 6.0.231, 6.0.232, 6.0.233, 6.0.234, 6.0.236, 6.0.237, 6.0.238, 6.0.240, 6.0.241, 6.0.242, 6.0.243, 6.0.244, 6.0.245, 6.0.246, 6.0.247, 6.0.248, 6.0.249, 6.0.250, 6.0.251, 6.0.252, 6.0.253, 6.0.254, 6.0.255, 6.0.256, 6.0.257, 6.0.258, 6.0.259, 6.0.260, 6.0.261, 6.0.262, 6.0.263, 6.0.264, 6.0.265, 6.0.266, 6.0.267, 6.0.268, 6.0.269, 6.0.270, 6.0.271, 6.0.272, 6.0.273, 6.0.274, 6.0.275, 6.0.290, 6.0.291, 6.0.292, 6.0.293, 
6.0.294, 6.2.27, 6.2.28, 6.2.29, 6.2.30
All unaffected versions: 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.3.15, 6.3.16, 6.3.17, 6.3.18, 6.3.19, 6.3.20, 6.3.21, 6.3.22, 6.3.23, 6.3.24, 6.3.25, 6.3.26, 6.3.27, 6.3.28, 6.3.29, 6.3.30, 6.3.31, 6.3.32, 6.3.33, 6.3.34, 6.3.35, 6.3.37, 6.3.38, 6.3.39, 6.3.40, 6.3.41, 6.3.42, 6.3.43, 6.3.47