How severe is CVE-2022-41915?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-41915?

This is classified as CWE-113, which is a common weakness in software security.

CVE-2022-41915

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-113

View all →

Vulnerability Description

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.

CVE-2017-7528

MEDIUM

CVSS:6.5(Medium)

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using ca...

CWE-1132017

CVE-2019-16771

MEDIUM

CVSS:6.5(Medium)

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized da...

CWE-1132019

CVE-2020-10753

MEDIUM

CVSS:6.5(Medium)

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the Expo...

CWE-1132020

CVE-2020-5249

MEDIUM

CVSS:6.5(Medium)

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject ma...

CWE-1132020

CVE-2023-48256

MEDIUM

CVSS:6.3(Medium)

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.

CWE-1132023

CVE-2024-24795

MEDIUM

CVSS:6.3(Medium)

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Use...

CWE-1132024

CVE-2022-41915

Vulnerability Description

Related Vulnerabilities

CVE-2017-7528

CVE-2019-16771

CVE-2020-10753

CVE-2020-5249

CVE-2023-48256

CVE-2024-24795