HTTP Response Splitting in WorkstationST < v07.09.15
CVE-2022-37953 Published on August 25, 2022
WorkstationST - Response Splitting in AM Gateway Challenge-Response
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
Vulnerability Analysis
CVE-2022-37953 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a HTTP Response Splitting Vulnerability?
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CVE-2022-37953 has been classified to as a HTTP Response Splitting vulnerability or weakness.
Products Associated with CVE-2022-37953
Want to know whenever a new CVE is published for GE Workstationst? stack.watch will email you.
Affected Versions
GE Gas Power WorkstationST:- Version unspecified and below 07.09.15 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.