CVE-2019-5314

Published: Sep 13, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.

Affected (4)

Products: Arubanetworks: Arubaos

Arubanetworks

1 product

Arubaos

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	Before 6.4.4.20
Arubanetworks Arubaos	From 6.5.4.0 to 6.5.4.11
Arubanetworks Arubaos	From 6.5.4.12 to 8.2.1.0
Arubanetworks Arubaos	From 8.2.1.1 to 8.3.0.0

Related CWEs

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.