How severe is CVE-2019-15259?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2019-15259?

This is classified as CWE-113, which is a common weakness in software security.

CVE-2019-15259

MEDIUM Year: 2019

CVSS v3 Score

6.1

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-113

View all →

Vulnerability Description

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits.

CVE-2016-5325

MEDIUM

CVSS:6.1(Medium)

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject ...

CWE-1132016

CVE-2016-5699

MEDIUM

CVSS:6.1(Medium)

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP ...

CWE-1132016

CVE-2016-6839

MEDIUM

CVSS:6.1(Medium)

CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CWE-1132016

CVE-2017-12308

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of th...

CWE-1132017

CVE-2017-1262

MEDIUM

CVSS:6.1(Medium)

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respon...

CWE-1132017

CVE-2017-7443

MEDIUM

CVSS:6.1(Medium)

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.

CWE-1132017

CVE-2019-15259

Vulnerability Description

Related Vulnerabilities

CVE-2016-5325

CVE-2016-5699

CVE-2016-6839

CVE-2017-12308

CVE-2017-1262

CVE-2017-7443