Description
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by s4squatch · textwebappsmultiple
https://www.exploit-db.com/exploits/10170
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36681
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54356
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37064
Exploit x_refsource_misc
http://packetstormsecurity.org/0911-exploits/xerver-split.txt
Scores
EPSS
0.0250
EPSS Percentile
85.4%
Details
CWE
CWE-20
Status
published
Products (2)
javascript/xerver_http_server
4.31
javascript/xerver_http_server
4.32
Published
Nov 29, 2009
Tracked Since
Feb 18, 2026