How severe is CVE-2020-3117?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2020-3117?

This is classified as CWE-113, which is a common weakness in software security.

CVE-2020-3117

MEDIUM Year: 2020

CVSS v3 Score

4.7

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-113

View all →

Vulnerability Description

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.

CVE-2023-0508

MEDIUM

CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. O...

CWE-1132023

CVE-2024-42487

MEDIUM

CVSS:4.3(Medium)

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes...

CWE-1132024

CVE-2025-30221

MEDIUM

CVSS:4.3(Medium)

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitc...

CWE-1132025

CVE-2017-12309

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the ...

CWE-1132017

CVE-2017-17742

MEDIUM

CVSS:5.3(Medium)

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP...

CWE-1132017

CVE-2022-20772

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulner...

CWE-1132022

CVE-2020-3117

Vulnerability Description

Related Vulnerabilities

CVE-2023-0508

CVE-2024-42487

CVE-2025-30221

CVE-2017-12309

CVE-2017-17742

CVE-2022-20772