Apt Cacher Ng
CVE-2017-7443
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
AnalysisAI
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-113. apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. Affected products include: Apt-Cacher-Ng Project Apt-Cacher-Ng, Apt-Cacher Project Apt-Cacher. Version information: before 1.7.15.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Apt Cacher Ng
View allapt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. Rated
Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. Rated medium severity (CVSS 5.1), this vulnerability is re
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. Rated medium severity (CVSS 5.1), this vulnerability is re
Same weakness CWE-113 – HTTP Response Splitting
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today