PT-2020-9148 · Wso2 · Wso2 Transport-Http

Published

2020-02-19

Updated

2022-02-09

CVE-2019-10797

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WSO2 transport-http versions prior to 6.3.1

Description The issue is related to HTTP Response Splitting due to HTTP Header validation being disabled. This affects Netty in WSO2 transport-http.

Recommendations For versions prior to 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider enabling HTTP Header validation to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-113

Related Identifiers

CVE-2019-10797

GHSA-RVPC-W57P-Q95F

SNYK-JAVA-ORGWSO2TRANSPORTHTTP-548944

Affected Products

Wso2 Transport-Http

PT-2020-9148 · Wso2 · Wso2 Transport-Http

CVE-2019-10797

Weakness Enumeration

Related Identifiers

Affected Products

References · 5