CVE-2017-7443

Published: Apr 5, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

Affected (2)

Products: Apt Cacher Ng Project: Apt Cacher Ng · Apt Cacher Project: Apt Cacher

Apt Cacher Ng Project

1 product

Apt Cacher Ng

Apt Cacher Project

1 product

Apt Cacher

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apt Cacher Ng Project Apt Cacher Ng	Up to 3.3
Apt Cacher Project Apt Cacher	Up to 1.7.13

Related CWEs

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

References (4)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739

Source: cve@mitre.org

PatchThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833

Source: cve@mitre.org

PatchThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.