CVE-2022-37242: HTTP Response splitting through ‘DATA’ parameter
Description
On June 05, the security team of Green Tick Nepal Pvt. Ltd., located in Kathmandu, Nepal, discovered that MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the data parameter.
Proof of Concept
The Security Team of Green Tick Nepal Pvt. Ltd. published a Proof of Concept (POC) for MDaemon Technologies. The vulnerability was found in MDaemon SecurityGateway for Email Servers 8.5.2. HTTP Response Splitting occurs when a web server fails to sanitize CR and LF characters before user-supplied data is included in outgoing HTTP headers. The vulnerability allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses. The impact depends on the technology stack, with outcomes including Cross-Site Scripting, Cookie Injection, CORS Headers Injection, CSP Bypass, Cache Poisoning attacks, and many others.
Solution
As with other similar injection attacks, HTTP Response Splitting can be mitigated by performing appropriate server-side validation and escaping. The canonical ways are the following:
- Carefully validate and sanitize any user-provided content that might be used to compose response headers.
- Encode dangerous characters such as \r and \n.
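The two mitigations above, shown beside the unchecked form, as an added example that is not the vendor's code or the published PoC. The redirect scenario, the function names and the sample value are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# CR, LF, NUL and the other C0 controls (horizontal tab excepted) plus DEL
# must never reach a header line.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# Header field names are restricted to HTTP "token" characters.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def build_naive(status, headers):
    """'Before' form: values are concatenated into the header block unchecked."""
    lines = [f"HTTP/1.1 {status}"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

def safe_header_value(value):
    """Validate: refuse any value carrying CR, LF or another control character."""
    if _FORBIDDEN.search(value):
        raise ValueError("control character in header value")
    return value

def encode_for_url(value):
    """Encode: percent-encode so CR and LF become %0D and %0A inside a URL."""
    return quote(value, safe="")

def build_safe(status, headers):
    """Hardened form: every name and value is checked before composing."""
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        if not _TOKEN.fullmatch(name):
            raise ValueError("invalid header name")
        lines.append(f"{name}: {safe_header_value(value)}")
    return "\r\n".join(lines) + "\r\n\r\n"

def header_names(raw):
    """Split the header block as a client would and list the field names seen."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample: a request parameter reflected into a redirect target
# (hypothetical scenario, not taken from the advisory).
SAMPLE = "home\r\nX-Injected: 1"

if __name__ == "__main__":
    print(header_names(build_naive("302 Found", [("Location", "/go?to=" + SAMPLE)])))
    safe = build_safe("302 Found", [("Location", "/go?to=" + encode_for_url(SAMPLE))])
    print(header_names(safe))
```

Validation belongs at the point where headers are composed, so it still applies when a caller forgets to encode.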
| CVE-ID | Description | Products |
| --- | --- | --- |
| CVE-2022-37242 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the data parameter. | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 |
History
2022-06-05: Vulnerability found.
2022-06-06: Vendor contacted.
2022-07-06: Vendor acknowledged and asked for one month before public disclosure.
2022-07-26: Vendor released Security Notes.
2022-07-27: CVE requested.
2022-08-26: CVE Published.
References
https://gtn.com.np/storage/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf
https://nvd.nist.gov/vuln/detail/CVE-2022-37242
https://files.mdaemon.com/securitygateway/release/relnotes_en.htm