CVE-2022-37240
CRITICALSecurityGateway for Email Servers 8.5.2 - HTTP Response Splitting via Format Parameter
Title source: llmDescription
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://files.mdaemon.com/securitygateway/release/relnotes_en.htm
Exploit, Third Party Advisory x_refsource_misc
https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf
Scores
CVSS v3
9.8
EPSS
0.0120
EPSS Percentile
64.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
altn/security_gateway_for_email_servers
8.5.2
Published
Aug 25, 2022
Tracked Since
Feb 18, 2026