CVE-2019-16771 - OpenCVE

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linecorp	Armeria

Configuration 1 [-]

cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20
https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2019-12-06T19:00:20

Updated: 2024-08-05T01:24:48.270Z

Reserved: 2019-09-24T00:00:00

Link: CVE-2019-16771

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-06T19:15:10.787

Modified: 2019-12-16T14:19:27.753

Link: CVE-2019-16771

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Armeria", "vendor": "LINE", "versions": [{"lessThan": "0.97.0", "status": "affected", "version": "< 0.97.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-113", "description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-11T14:46:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"}], "source": {"advisory": "GHSA-35fr-h7jr-hh86", "discovery": "UNKNOWN"}, "title": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16771", "STATE": "PUBLIC", "TITLE": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Armeria", "version": {"version_data": [{"version_affected": "<", "version_name": "< 0.97.0", "version_value": "0.97.0"}]}}]}, "vendor_name": "LINE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86", "refsource": "CONFIRM", "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"}, {"name": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20", "refsource": "MISC", "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"}]}, "source": {"advisory": "GHSA-35fr-h7jr-hh86", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:24:48.270Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2019-16771", "datePublished": "2019-12-06T19:00:20", "dateReserved": "2019-09-24T00:00:00", "dateUpdated": "2024-08-05T01:24:48.270Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BB9CCDB-7459-4457-878A-371BFCA21B38", "versionEndExcluding": "0.97.0", "versionStartIncluding": "0.85.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."}, {"lang": "es", "value": "Las versiones 0.85.0 hasta la 0.96.0 incluy\u00e9ndola de Armeria, son vulnerables a una divisi\u00f3n de la respuesta HTTP, lo que permite a atacantes remotos inyectar encabezados HTTP arbitrarios por medio de secuencias CRLF cuando datos no saneados son usados para llenar los encabezados de una respuesta HTTP. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 0.97.0. Impactos potenciales de esta vulnerabilidad incluyen la desfiguraci\u00f3n de usuarios cruzados, el envenenamiento de la cach\u00e9, un ataque de tipo Cross-site scripting (XSS) y el secuestro de p\u00e1ginas."}], "id": "CVE-2019-16771", "lastModified": "2019-12-16T14:19:27.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2019-12-06T19:15:10.787", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-113"}], "source": "security-advisories@github.com", "type": "Secondary"}]}