What is the severity of CVE-2017-7443?

CVE-2017-7443 is classified as a medium severity vulnerability due to its potential impact on HTTP response splitting.

How do I fix CVE-2017-7443?

To resolve CVE-2017-7443, update apt-cacher to version 1.7.22 or higher, or apt-cacher-ng to version 3.6.4-1 or higher.

What software versions are affected by CVE-2017-7443?

CVE-2017-7443 affects apt-cacher versions below 1.7.15 and apt-cacher-ng versions below 3.4.

Can CVE-2017-7443 allow for remote attacks?

Yes, CVE-2017-7443 can allow attackers to exploit HTTP response splitting which may lead to further attacks.

Is CVE-2017-7443 exploitable on all platforms?

CVE-2017-7443 is exploitable specifically in environments using the affected versions of apt-cacher and apt-cacher-ng.

Vulnerability/
CVE-2017-7443

medium

6.1

CWE

113

25/3/2017

5/4/2017

16/9/2024

CVE-2017-7443

First published: Sat Mar 25 2017(Updated: )

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/apt-cacher		1.7.22 1.7.29 1.7.30
debian/apt-cacher-ng		3.6.4-1 3.7.4-1 3.7.5-1
apt-cacher-ng	<=3.3
Debian Apt-cacher	<=1.7.13

Remedy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739

Remedy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-7443?
CVE-2017-7443 is classified as a medium severity vulnerability due to its potential impact on HTTP response splitting.
How do I fix CVE-2017-7443?
To resolve CVE-2017-7443, update apt-cacher to version 1.7.22 or higher, or apt-cacher-ng to version 3.6.4-1 or higher.
What software versions are affected by CVE-2017-7443?
CVE-2017-7443 affects apt-cacher versions below 1.7.15 and apt-cacher-ng versions below 3.4.
Can CVE-2017-7443 allow for remote attacks?
Yes, CVE-2017-7443 can allow attackers to exploit HTTP response splitting which may lead to further attacks.
Is CVE-2017-7443 exploitable on all platforms?
CVE-2017-7443 is exploitable specifically in environments using the affected versions of apt-cacher and apt-cacher-ng.

agent/remedy
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/author
agent/severity
agent/last-modified-date
agent/event
agent/description
collector/debian-bugs
source/Debian
alias/CVE-2017-7443
collector/security-tracker-debian
agent/software-canonical-lookup
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
package-manager/debian
vendor/apt-cacher-ng project
canonical/apt-cacher-ng
version/apt-cacher-ng/3.3
vendor/apt-cacher project
canonical/debian apt-cacher
version/debian apt-cacher/1.7.13

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.