Main Vulnerability Database Vulnerabilities #VU107592

#VU107592 Inconsistent interpretation of HTTP requests in HPE products - CVE-2023-30910

Published: April 17, 2025

Vulnerability identifier: #VU107592

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-30910

CWE-ID: CWE-444

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
HPE MSA 2062 Storage
HPE MSA 2060 Storage
HPE MSA 1060 Storage

Software vendor:
HPE

Description

The vulnerability allows a remote user to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote user can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Remediation

Install updates from vendor's website.

External links

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us

#VU107592 Inconsistent interpretation of HTTP requests in HPE products - CVE-2023-30910

Description

Remediation

External links

Please verify you're human