CVE-2017-7443 - OpenCVE

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apt-cacher-ng Project	Apt-cacher-ng
Apt-cacher Project	Apt-cacher

Configuration 1 [-]

OR	cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng::::::::
	cpe:2.3:a:apt-cacher_project:apt-cacher::::::::

References

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739	Patch Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:02

Updated: 2022-10-03T16:23:02

Reserved: 2022-10-03T00:00:00

Link: CVE-2017-7443

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-05T20:59:00.400

Modified: 2017-04-12T15:20:13.010

Link: CVE-2017-7443

JSON object: View

Redhat Information

No data.

CWE

CWE-113

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F58C1F6-AA0C-46EC-81CC-14F62DDD1D1F", "versionEndIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apt-cacher_project:apt-cacher:*:*:*:*:*:*:*:*", "matchCriteriaId": "68F8C278-E063-41DF-8773-F644AE670E6D", "versionEndIncluding": "1.7.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression."}, {"lang": "es", "value": "apt-cacher en versiones anteriores a 1.7.15 y apt-cacher-ng en versiones anteriores a 3.4 permiten divisi\u00f3n de respuestas HTTP a trav\u00e9s de caracteres de nueva l\u00ednea codificados, relacionados con la falta de bloqueo para la expresi\u00f3n regular de%0[ad]"}], "id": "CVE-2017-7443", "lastModified": "2017-04-12T15:20:13.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-05T20:59:00.400", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-113"}], "source": "nvd@nist.gov", "type": "Primary"}]}