CVE-2019-17513

HIGH

Ratpack < 1.7.5 - HTTP Response Splitting via Unvalidated HTTP Headers

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-17513. PoCs published by epicosy.

AI-analyzed exploit summary This repository appears to be a legitimate Ratpack project but does not contain any exploit code or proof-of-concept for CVE-2019-17513. It includes build configurations, documentation, and source code for the Ratpack framework itself.

Description

An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.

Exploits (1)

nomisec STUB
by epicosy · poc
https://github.com/epicosy/Ratpack-1

This repository appears to be a legitimate Ratpack project but does not contain any exploit code or proof-of-concept for CVE-2019-17513. It includes build configurations, documentation, and source code for the Ratpack framework itself.

Classification
Stub 95%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Ratpack
No auth needed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.5
EPSS 0.0125
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-74
Status published
Products (2)
io.ratpack/ratpack-core 0 - 1.7.5Maven
ratpack_project/ratpack < 1.7.5
Published Oct 18, 2019
Tracked Since Feb 18, 2026