CVE-2019-25101

04.02.2023, 08:15

A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059.

HTTP Request/Response Splitting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	6.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Vendor	Product	Version
turbogears_project	turbogears	1.0.11.10

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://github.com/OnShift/turbogears/commit/f68bbaba47f4474e1da553aa51564a73e1d92a84

https://github.com/OnShift/turbogears/pull/18

https://github.com/OnShift/turbogears/releases/tag/v1.0.11.11

https://vuldb.com/?ctiid.220059

https://vuldb.com/?id.220059

https://github.com/OnShift/turbogears/commit/f68bbaba47f4474e1da553aa51564a73e1d92a84

https://github.com/OnShift/turbogears/pull/18

https://github.com/OnShift/turbogears/releases/tag/v1.0.11.11

https://vuldb.com/?ctiid.220059

https://vuldb.com/?id.220059