HTTP response splitting in Microsoft products - CVE-2020-0645

 


Published: March 10, 2020


Vulnerability identifier: #VU25909
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-0645
CWE-ID: CWE-113
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Microsoft Internet Information Services (IIS)

Detailed vulnerability description

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists because the software does not correctly process HTTP request headers. A remote attacker can send a specially crafted HTTP request and modify the response sent by the web server.

Successful exploitation of the vulnerability may allow an attacker to perform a cache poisoning attack.


How to mitigate CVE-2020-0645

Install updates from the vendor's website.
