HTTP Request Splitting in Zeek 4.1.0 Exploited by Security Analysis
CVE-2021-41732

7.5HIGH

Key Information:

Vendor

Zeek

Status
Vendor
CVE Published:
29 September 2021

What is CVE-2021-41732?

In Zeek version 4.1.0, a vulnerability allows HTTP request splitting, which can compromise the integrity of HTTP-based security analyses. This flaw can result in invalidation of HTTP requests, leading to potential security analysis failures. It is important to note that the vendor states this behavior is intended.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.