Search for vulnerabilities
Vulnerability details: VCID-95dr-z3gr-aaag
Vulnerability ID VCID-95dr-z3gr-aaag
Aliases CVE-2019-9741
Summary An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9741.html
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1300
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1519
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9741.json
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.00979 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
epss 0.01567 https://api.first.org/data/v1/epss?cve=CVE-2019-9741
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1688230
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741
cvssv3 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-9741
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-9741
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-9741
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9741.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9741.json
https://api.first.org/data/v1/epss?cve=CVE-2019-9741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/golang/go/issues/30794
https://lists.debian.org/debian-lts-announce/2019/04/msg00007.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOOVCEPQM7TZA6VEZEEB7QZABXNHQEHH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOOVCEPQM7TZA6VEZEEB7QZABXNHQEHH/
http://www.securityfocus.com/bid/107432
1688230 https://bugzilla.redhat.com/show_bug.cgi?id=1688230
924630 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924630
cpe:2.3:a:golang:go:1.11.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2019-9741 https://nvd.nist.gov/vuln/detail/CVE-2019-9741
RHSA-2019:1300 https://access.redhat.com/errata/RHSA-2019:1300
RHSA-2019:1519 https://access.redhat.com/errata/RHSA-2019:1519
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9741.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-9741
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-9741
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-9741
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.67298
EPSS Score 0.00268
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.