cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run before decoding, so encoded %0D%0A passes the check and is then expanded to a literal \r\n byte pair inside the stored header value. This vulnerability is fixed in 0.44.0.
A server based on cpp-httplib performs validation of request header values (is_field_value function) before performing percent-decoding. The encoded sequence %0D%0A passes validation without errors because in encoded form it does not contain forbidden characters. Then, after decoding, this sequence is expanded to a literal pair of bytes \r\n and written to the internal header structure. This allows an attacker to inject arbitrary headers or split HTTP responses (HTTP response splitting) through a crafted network request.
An unauthenticated attacker can manipulate HTTP response headers generated by the server, leading to high integrity violation, and potentially also to attacks such as cache poisoning, cross-site scripting, or server content spoofing.
The cpp-httplib library should be updated to version 0.44.0 or later, in which the issue has been fixed by performing header validation after percent-decoding.
The cpp-httplib library (C++11 single-file header-only HTTP/HTTPS library) in versions prior to 0.44.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:LYhirose Cpp Httplib
APPYhirose< 0.44.0
Related vulnerabilities
cpp-httplib: spoofing nagłówków HTTP umożliwia bypass autoryzacji i zatrucie logów
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the se...
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-htt...
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-...
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-...