First published: Wed Feb 19 2020
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 transport-http | <6.3.1 | |
CVE-2019-10797 is a vulnerability in Netty in WSO2 transport-http before v6.3.1 that allows for HTTP Response Splitting due to disabled HTTP Header validation.
The severity of CVE-2019-10797 is medium with a CVSS score of 6.5.
CVE-2019-10797 affects WSO2 transport-http versions up to and excluding v6.3.1.
HTTP Response Splitting is a vulnerability that allows an attacker to inject additional HTTP headers, which can lead to various attacks such as cache poisoning, cross-site scripting, and session hijacking.
To fix CVE-2019-10797, upgrade to WSO2 transport-http version 6.3.1 or later.
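The effect of the disabled header validation can be checked directly against Netty, as in the following added example (not code from WSO2 transport-http or from this advisory). It assumes Netty 4.1 (`io.netty:netty-codec-http`) on the classpath and that the validation in question is the `validate` flag of `DefaultHttpHeaders`; the class name, the helper methods and the sample value are constructed for illustration.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders;

public class HeaderValidationCheck {
    // Constructed sample: a request-derived value containing CR/LF and a second header line.
    static final String UNTRUSTED = "/home\r\nSet-Cookie: session=constructed";

    /** Returns true if the header set stored the value, false if Netty rejected it. */
    static boolean accepts(HttpHeaders headers, String value) {
        try {
            headers.set(HttpHeaderNames.LOCATION, value);
            return true;
        } catch (IllegalArgumentException e) {
            // Thrown by Netty's header validator when the value contains illegal characters.
            return false;
        }
    }

    /** Defence in depth (hypothetical helper): refuse CR, LF and NUL before any header API is called. */
    static boolean isSafeHeaderValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // validate=false: the condition the advisory describes; the value is stored unchanged,
        // so the CR/LF would be written into the response header block.
        System.out.println("validation off, stored:  "
                + accepts(new DefaultHttpHeaders(false), UNTRUSTED));

        // validate=true (Netty's default): set() throws and nothing is stored.
        System.out.println("validation on, stored:   "
                + accepts(new DefaultHttpHeaders(true), UNTRUSTED));

        // Application-level check, independent of the transport's configuration.
        System.out.println("passes CR/LF pre-check:  " + isSafeHeaderValue(UNTRUSTED));
    }
}
```

The same `accepts` probe works as a regression test after upgrading: once header validation is active, a header value containing a line break must be rejected with an exception rather than stored.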