CVE-2017-7443

MEDIUM

apt-cacher <1.7.15-apt-cacher-ng <3.4 - XSS

Title source: llm

Description

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

References (2)

[Patch, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739

[Patch, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 47.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-113

Status published

Affected Products (3)

apt-cacher-ng_project/apt-cacher-ng < 3.3

apt-cacher_project/apt-cacher < 1.7.13

n/a/n/a

Timeline

Published Apr 05, 2017

Tracked Since Feb 18, 2026