Main Vulnerability Database Vulnerabilities #VU107592

Inconsistent interpretation of HTTP requests in HPE products - CVE-2023-30910

Published: April 17, 2025

Vulnerability identifier: #VU107592

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-30910

CWE-ID: CWE-444

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: HPE

Affected software:
HPE MSA 2062 Storage
HPE MSA 2060 Storage
HPE MSA 1060 Storage

Detailed vulnerability description

The vulnerability allows a remote user to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote user can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

How to mitigate CVE-2023-30910

Install updates from vendor's website.

Sources

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us

Inconsistent interpretation of HTTP requests in HPE products - CVE-2023-30910

Detailed vulnerability description

How to mitigate CVE-2023-30910

Sources

Please verify you're human