Vulnerability Name:

CVE-2022-3215 (CCN-237634)

Assigned:2022-09-27
Published:2022-09-27
Updated:2022-09-30
Summary:NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-74
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-3215

Source: XF
Type: UNKNOWN
apple-cve20223215-response-splitting(237634)

Source: CCN
Type: SwiftNIO GIT Repository
Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting) in swift-nio

Source: MISC
Type: Third Party Advisory
https://github.com/apple/swift-nio/security/advisories/GHSA-7fj7-39wj-c64f

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:swiftnio:*:*:*:*:*:*:*:* (Version >= 2.40.0 and < 2.42.0)
  • OR cpe:/a:apple:swiftnio:*:*:*:*:*:*:*:* (Version >= 2.30.0 and < 2.39.1)
  • OR cpe:/a:apple:swiftnio:*:*:*:*:*:*:*:* (Version < 2.29.1)

    • * Denotes that component is vulnerable
    BACK
    apple swiftnio *
    apple swiftnio *
    apple swiftnio *