Vulnerability-Lookup

CVE-2019-16771 (GCVE-0-2019-16771)

Vulnerability from cvelistv5 – Published: 2019-12-06 19:00 – Updated: 2024-08-05 01:24

Title

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Summary

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	LINE	Armeria	Affected: < 0.97.0 , < 0.97.0 (custom)

GHSA-35FR-H7JR-HH86

Vulnerability from github – Published: 2019-12-06 18:55 – Updated: 2021-04-27 18:03

Summary

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Details

Impact

Cross-User Defacement
Cache Poisoning
Cross-Site Scripting (XSS)
Page Hijacking

Root Cause

The root cause is due to the usage of Netty without the HTTP header validation.

https://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/common/DefaultHttpHeaders.java#L23

Patches

This vulnerability has been patched in 0.97.0.

References

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j

For more information

If you have any questions or comments about this advisory: * Open an issue in GitHub

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.linecorp.armeria:armeria"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.85.0"
            },
            {
              "fixed": "0.97.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-113",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-27T18:03:07Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response.\n\n### Impact\n\n1. Cross-User Defacement\n2. Cache Poisoning\n3. Cross-Site Scripting (XSS)\n4. Page Hijacking\n\n\n### Root Cause\n\nThe root cause is due to the usage of Netty without the HTTP header validation.\n\nhttps://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/common/DefaultHttpHeaders.java#L23\n\n### Patches\n\nThis vulnerability has been patched in 0.97.0.\n\n### References\n\n[CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)](https://cwe.mitre.org/data/definitions/113.html)\nhttps://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [GitHub](https://github.com/line/armeria/issues)",
  "id": "GHSA-35fr-h7jr-hh86",
  "modified": "2021-04-27T18:03:07Z",
  "published": "2019-12-06T18:55:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) in Armeria"
}

GHSA-24R8-FM9R-CPJ2

Vulnerability from github – Published: 2019-12-05 18:40 – Updated: 2024-05-15 06:34

Summary

Low severity vulnerability that affects com.linecorp.armeria:armeria

Details

Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function

Impact

String comparison method in multiple authentication validation in Armeria were known to be vulnerable to timing attacks. This vulnerability is caused by the insecure implementation of equals method from java.lang.String. While this attack is not practically possible, an attacker still has a potential to attack if the victim's server validates user by using equals method.

We would like to thank @chrsow for pointing out the issue.

Potentially vulnerable codes

https://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/server/auth/OAuth2Token.java#L54 https://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/server/auth/BasicToken.java#L64

Patches

There are two options to patch this issue.

Remove equals method; it has been exclusively used for test cases and was never used in any OSS projects that are using Armeria. (But it is worth noting that there are possibilities of closed projects authenticating users by utilizing equals method)
Use MessageDigest.isEqual to compare the credential instead.

Workarounds

Update to the latest version (TBD)

2-1. Users can prevent these vulnerabilities by modifying and implementing timing attack preventions by themselves.

2-2. Precisely speaking, it is possible to compare credentials by securely comparing them after calling methods to directly return the input (namely Object. accessToken(), Object.username() and Object.password()).

References

https://cwe.mitre.org/data/definitions/208.html
https://security.stackexchange.com/questions/111040/should-i-worry-about-remote-timing-attacks-on-string-comparison

Side Note

Since it is a theoretical attack, there is no PoC available from neither the vendor nor the security team.

Severity ?

4.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.linecorp.armeria:armeria"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.50.0"
            },
            {
              "fixed": "0.97.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-113"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:51:26Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function\n\n### Impact\n\nString comparison method in multiple authentication validation in Armeria were known to be vulnerable to timing attacks. This vulnerability is caused by the insecure implementation of `equals` method from `java.lang.String`. While this attack is not practically possible, an attacker still has a potential to attack if the victim\u0027s server validates user by using `equals` method.\n\nWe would like to thank @chrsow for pointing out the issue.\n\n## Potentially vulnerable codes\n\nhttps://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/server/auth/OAuth2Token.java#L54\nhttps://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/server/auth/BasicToken.java#L64\n\n### Patches\n\nThere are two options to patch this issue.\n\n1. Remove `equals` method; it has been exclusively used for test cases and was never used in any OSS projects that are using Armeria. (But it is worth noting that there are possibilities of closed projects authenticating users by utilizing `equals` method)\n\n2. Use `MessageDigest.isEqual` to compare the credential instead.\n\n### Workarounds\n\n1. Update to the latest version (TBD)\n\n2-1. Users can prevent these vulnerabilities by modifying and implementing timing attack preventions by themselves.\n\n2-2. Precisely speaking, it is possible to compare credentials by securely comparing them after calling methods to directly return the input (namely `Object. accessToken()`, `Object.username()` and `Object.password()`).\n\n### References\n- https://cwe.mitre.org/data/definitions/208.html\n- https://security.stackexchange.com/questions/111040/should-i-worry-about-remote-timing-attacks-on-string-comparison\n\n### Side Note\n\nSince it is a theoretical attack, there is no PoC available from neither the vendor nor the security team.",
  "id": "GHSA-24r8-fm9r-cpj2",
  "modified": "2024-05-15T06:34:23Z",
  "published": "2019-12-05T18:40:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/security/advisories/GHSA-24r8-fm9r-cpj2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16771"
    },
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-24r8-fm9r-cpj2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Low severity vulnerability that affects com.linecorp.armeria:armeria"
}

CNVD-2020-03192

Vulnerability from cnvd - Published: 2020-01-22

Title

Armeria注入漏洞

Description

Armeria是一款用于构建使用HTTP/2作为会话层协议的异步微服务器的开源库。 Armeria存在注入漏洞。该漏洞源于用户输入构造命令、数据结构或记录的操作过程中，网络系统或产品缺乏对用户输入数据的正确验证，未过滤或未正确过滤掉其中的特殊元素，导致系统或产品产生解析或解释方式错误。攻击者可利用该漏洞通过CRLF序列注入任意HTTP标头。

Severity

中

Patch Name

Armeria注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-16771

Impacted products

Name
Linecorp Armeria >=0.85.0，<=0.96.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16771"
    }
  },
  "description": "Armeria\u662f\u4e00\u6b3e\u7528\u4e8e\u6784\u5efa\u4f7f\u7528HTTP/2\u4f5c\u4e3a\u4f1a\u8bdd\u5c42\u534f\u8bae\u7684\u5f02\u6b65\u5fae\u670d\u52a1\u5668\u7684\u5f00\u6e90\u5e93\u3002\n\nArmeria\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u8f93\u5165\u6784\u9020\u547d\u4ee4\u3001\u6570\u636e\u7ed3\u6784\u6216\u8bb0\u5f55\u7684\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u672a\u8fc7\u6ee4\u6216\u672a\u6b63\u786e\u8fc7\u6ee4\u6389\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u5bfc\u81f4\u7cfb\u7edf\u6216\u4ea7\u54c1\u4ea7\u751f\u89e3\u6790\u6216\u89e3\u91ca\u65b9\u5f0f\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7CRLF\u5e8f\u5217\u6ce8\u5165\u4efb\u610fHTTP\u6807\u5934\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03192",
  "openTime": "2020-01-22",
  "patchDescription": "Armeria\u662f\u4e00\u6b3e\u7528\u4e8e\u6784\u5efa\u4f7f\u7528HTTP/2\u4f5c\u4e3a\u4f1a\u8bdd\u5c42\u534f\u8bae\u7684\u5f02\u6b65\u5fae\u670d\u52a1\u5668\u7684\u5f00\u6e90\u5e93\u3002\r\n\r\nArmeria\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u8f93\u5165\u6784\u9020\u547d\u4ee4\u3001\u6570\u636e\u7ed3\u6784\u6216\u8bb0\u5f55\u7684\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u672a\u8fc7\u6ee4\u6216\u672a\u6b63\u786e\u8fc7\u6ee4\u6389\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u5bfc\u81f4\u7cfb\u7edf\u6216\u4ea7\u54c1\u4ea7\u751f\u89e3\u6790\u6216\u89e3\u91ca\u65b9\u5f0f\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7CRLF\u5e8f\u5217\u6ce8\u5165\u4efb\u610fHTTP\u6807\u5934\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Armeria\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linecorp Armeria \u003e=0.85.0\uff0c\u003c=0.96.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-16771",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-09",
  "title": "Armeria\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2019-16771

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-16771

Aliases

CVE-2019-16771

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-16771",
    "description": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.",
    "id": "GSD-2019-16771"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-16771"
      ],
      "details": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.",
      "id": "GSD-2019-16771",
      "modified": "2023-12-13T01:23:40.705537Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2019-16771",
        "STATE": "PUBLIC",
        "TITLE": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) in Armeria"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Armeria",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "\u003c 0.97.0",
                          "version_value": "0.97.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "LINE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86",
            "refsource": "CONFIRM",
            "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"
          },
          {
            "name": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20",
            "refsource": "MISC",
            "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-35fr-h7jr-hh86",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,0.97.0)",
          "affected_versions": "All versions before 0.97.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-937"
          ],
          "date": "2021-01-08",
          "description": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.",
          "fixed_versions": [
            "0.97.0"
          ],
          "identifier": "CVE-2019-16771",
          "identifiers": [
            "GHSA-24r8-fm9r-cpj2",
            "CVE-2019-16771"
          ],
          "not_impacted": "All versions starting from 0.97.0",
          "package_slug": "maven/com.linecorp.armeria/armeria",
          "pubdate": "2019-12-05",
          "solution": "Upgrade to version 0.97.0 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://github.com/line/armeria/security/advisories/GHSA-24r8-fm9r-cpj2",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-16771",
            "https://github.com/advisories/GHSA-24r8-fm9r-cpj2",
            "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86",
            "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"
          ],
          "uuid": "834cd7d7-b939-4a17-91ab-cf85b67d00f4"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.97.0",
                "versionStartIncluding": "0.85.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2019-16771"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"
            },
            {
              "name": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2019-12-16T14:19Z",
      "publishedDate": "2019-12-06T19:15Z"
    }
  }
}

FKIE_CVE-2019-16771

Vulnerability from fkie_nvd - Published: 2019-12-06 19:15 - Updated: 2024-11-21 04:31

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20	Patch, Vendor Advisory
security-advisories@github.com	https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	linecorp	armeria	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB9CCDB-7459-4457-878A-371BFCA21B38",
              "versionEndExcluding": "0.97.0",
              "versionStartIncluding": "0.85.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."
    },
    {
      "lang": "es",
      "value": "Las versiones 0.85.0 hasta la 0.96.0 incluy\u00e9ndola de Armeria,  son vulnerables a una divisi\u00f3n de la respuesta HTTP, lo que permite a atacantes remotos inyectar encabezados HTTP arbitrarios por medio de secuencias CRLF cuando datos no saneados son usados para llenar los encabezados de una respuesta HTTP. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 0.97.0. Impactos potenciales de esta vulnerabilidad incluyen la desfiguraci\u00f3n de usuarios cruzados, el envenenamiento de la cach\u00e9, un ataque de tipo Cross-site scripting (XSS) y el secuestro de p\u00e1ginas."
    }
  ],
  "id": "CVE-2019-16771",
  "lastModified": "2024-11-21T04:31:09.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-06T19:15:10.787",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-113"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-16771 (GCVE-0-2019-16771)

GHSA-35FR-H7JR-HH86

Impact

Root Cause

Patches

References

For more information

GHSA-24R8-FM9R-CPJ2

Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function

Impact

Potentially vulnerable codes

Patches

Workarounds

References

Side Note

CNVD-2020-03192

GSD-2019-16771

FKIE_CVE-2019-16771

Tags

Sightings

Nomenclature