CVE-2019-10797

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10797
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10797.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10797
Aliases
Published
2020-02-19T19:15:11.617Z
Modified
2026-05-09T11:34:49.081646Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.

References

Affected packages

Git / github.com/wso2/transport-http

Affected ranges

Type
GIT
Repo
https://github.com/wso2/transport-http
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9b968d61e5381508b96680df4a3ad7a3b378edbb
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:wso2:transport-http:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3.1"
        }
    ]
}

Affected versions

v6.*
v6.0.100
v6.0.101
v6.0.102
v6.0.103
v6.0.104
v6.0.105
v6.0.106
v6.0.107
v6.0.109
v6.0.110
v6.0.112
v6.0.113
v6.0.114
v6.0.115
v6.0.116
v6.0.117
v6.0.118
v6.0.119
v6.0.120
v6.0.121
v6.0.122
v6.0.123
v6.0.124
v6.0.126
v6.0.127
v6.0.128
v6.0.129
v6.0.130
v6.0.131
v6.0.132
v6.0.133
v6.0.134
v6.0.136
v6.0.137
v6.0.138
v6.0.139
v6.0.140
v6.0.141
v6.0.142
v6.0.143
v6.0.144
v6.0.145
v6.0.146
v6.0.147
v6.0.148
v6.0.149
v6.0.150
v6.0.151
v6.0.152
v6.0.153
v6.0.154
v6.0.155
v6.0.156
v6.0.157
v6.0.158
v6.0.159
v6.0.160
v6.0.161
v6.0.163
v6.0.165
v6.0.166
v6.0.167
v6.0.168
v6.0.169
v6.0.170
v6.0.172
v6.0.173
v6.0.174
v6.0.175
v6.0.176
v6.0.177
v6.0.178
v6.0.180
v6.0.181
v6.0.182
v6.0.183
v6.0.184
v6.0.185
v6.0.186
v6.0.187
v6.0.188
v6.0.189
v6.0.190
v6.0.191
v6.0.192
v6.0.193
v6.0.194
v6.0.195
v6.0.196
v6.0.197
v6.0.198
v6.0.199
v6.0.200
v6.0.201
v6.0.202
v6.0.203
v6.0.204
v6.0.205
v6.0.206
v6.0.208
v6.0.209
v6.0.210
v6.0.211
v6.0.212
v6.0.213
v6.0.214
v6.0.215
v6.0.217
v6.0.218
v6.0.219
v6.0.220
v6.0.221
v6.0.222
v6.0.223
v6.0.224
v6.0.226
v6.0.227
v6.0.228
v6.0.229
v6.0.230
v6.0.231
v6.0.232
v6.0.233
v6.0.234
v6.0.236
v6.0.237
v6.0.238
v6.0.240
v6.0.241
v6.0.242
v6.0.243
v6.0.244
v6.0.245
v6.0.246
v6.0.247
v6.0.248
v6.0.249
v6.0.250
v6.0.251
v6.0.252
v6.0.253
v6.0.254
v6.0.255
v6.0.257
v6.0.258
v6.0.259
v6.0.260
v6.0.261
v6.0.262
v6.0.263
v6.0.264
v6.0.265
v6.0.266
v6.0.267
v6.0.268
v6.0.269
v6.0.270
v6.0.271
v6.0.272
v6.0.273
v6.0.274
v6.0.275
v6.0.276
v6.0.277
v6.0.278
v6.0.279
v6.0.280
v6.0.281
v6.0.282
v6.0.283
v6.0.284
v6.0.285
v6.0.286
v6.0.288
v6.0.289
v6.0.290
v6.0.291
v6.0.292
v6.0.293
v6.0.294
v6.0.295
v6.0.296
v6.0.297
v6.0.298
v6.0.299
v6.0.300
v6.0.50
v6.0.51
v6.0.52
v6.0.53
v6.0.54
v6.0.55
v6.0.56
v6.0.58
v6.0.59
v6.0.60
v6.0.61
v6.0.62
v6.0.63
v6.0.64
v6.0.65
v6.0.66
v6.0.67
v6.0.68
v6.0.69
v6.0.70
v6.0.71
v6.0.72
v6.0.73
v6.0.74
v6.0.75
v6.0.76
v6.0.77
v6.0.78
v6.0.79
v6.0.80
v6.0.81
v6.0.82
v6.0.83
v6.0.84
v6.0.85
v6.0.86
v6.0.87
v6.0.88
v6.0.89
v6.0.90
v6.0.91
v6.0.92
v6.0.93
v6.0.94
v6.0.95
v6.0.96
v6.0.97
v6.0.98
v6.0.99
v6.1.0
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.2
v6.1.3
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2.0
v6.2.1
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.17
v6.2.18
v6.2.19
v6.2.2
v6.2.21
v6.2.22
v6.2.23
v6.2.24
v6.2.25
v6.2.26
v6.2.27
v6.2.28
v6.2.29
v6.2.30
v6.2.31
v6.2.32
v6.2.33
v6.2.34
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10797.json"