
Xerver HTTP CRLF Injection Response Splitting (CVE-2009-4086)


Check Point Reference: CPAI-2011-318
Date Published:
Severity:
Source:
Industry Reference(s): CVE-2009-4086
Protection Provided by: Security Gateway
  • R75
Who is Vulnerable?
Xerver HTTP Server 4.31 and 4.32
Vulnerability Description
An HTTP response splitting vulnerability has been reported in Xerver HTTP Server that could allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL.
Vulnerability Details
This is a CRLF injection vulnerability in Xerver HTTP Server. Remote attackers could use this vulnerability to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL.

Protection Overview
This protection will detect and block CRLF-encoded characters in HTTP requests.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?
1. In the IPS tab, click Protections, find the Xerver HTTP CRLF Injection Response Splitting protection using the Search tool, and edit the protection's settings.
2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Server Enforcement Violation
Attack Information: Xerver HTTP CRLF injection response splitting