Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-48256

Summary
Assigner-bosch
Assigner Org ID-c95f66b2-7e7c-41c5-8f09-6f86ec68659c
Published At-10 Jan, 2024 | 13:04
Updated At-17 Jun, 2025 | 20:59
Rejected At-
Credits

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:bosch
Assigner Org ID:c95f66b2-7e7c-41c5-8f09-6f86ec68659c
Published At:10 Jan, 2024 | 13:04
Updated At:17 Jun, 2025 | 20:59
Rejected At:
▼CVE Numbering Authority (CNA)

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.

Affected Products
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA015S-36V (0608842001)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA030S-36V (0608842002)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA050S-36V (0608842003)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXP012QD-36V (0608842005)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA015S-36V-B (0608842006)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA030S-36V-B (0608842007)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA050S-36V-B (0608842008)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXP012QD-36V-B (0608842010)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA011S-36V (0608842011)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA011S-36V-B (0608842012)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA065S-36V (0608842013)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXA065S-36V-B (0608842014)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXV012T-36V (0608842015)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo cordless nutrunner NXV012T-36V-B (0608842016)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo special cordless nutrunner (0608PE2272)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo special cordless nutrunner (0608PE2301)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo special cordless nutrunner (0608PE2514)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo special cordless nutrunner (0608PE2515)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo special cordless nutrunner (0608PE2666)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Vendor
Bosch Rexroth AGRexroth
Product
Nexo special cordless nutrunner (0608PE2673)
Versions
Affected
  • From NEXO-OS V1000-Release through NEXO-OS V1500-SP2 (custom)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Type: N/A
CWE ID: N/A
Description: CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
vendor-advisory
Hyperlink: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
vendor-advisory
x_transferred
Hyperlink: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@bosch.com
Published At:10 Jan, 2024 | 13:15
Updated At:16 Jan, 2024 | 22:05

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Secondary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CPE Matches
Robert Bosch GmbH
bosch
>>nexo-os>>Versions from 1000(inclusive) to 1500-sp2(inclusive)
cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)>>-
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_special_cordless_nutrunner_\(0608pe2272\)>>-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2272\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_special_cordless_nutrunner_\(0608pe2301\)>>-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2301\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_special_cordless_nutrunner_\(0608pe2514\)>>-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2514\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_special_cordless_nutrunner_\(0608pe2515\)>>-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2515\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_special_cordless_nutrunner_\(0608pe2666\)>>-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2666\):-:*:*:*:*:*:*:*
Robert Bosch GmbH
bosch
>>nexo_special_cordless_nutrunner_\(0608pe2673\)>>-
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2673\):-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-436Primarynvd@nist.gov
CWE-113Secondarypsirt@bosch.com
CWE ID: CWE-436
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-113
Type: Secondary
Source: psirt@bosch.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlpsirt@bosch.com
Vendor Advisory
Hyperlink: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
Source: psirt@bosch.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2023-48254
Matching Score-8
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-8
Assigner-Robert Bosch GmbH
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 29.01%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 13:02
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo-osnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48244
Matching Score-8
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-8
Assigner-Robert Bosch GmbH
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 29.01%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 10:37
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo-osnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48255
Matching Score-8
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-8
Assigner-Robert Bosch GmbH
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 35.69%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 13:03
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo-osnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24795
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.3||MEDIUM
EPSS-1.91% / 82.56%
||
7 Day CHG+0.70%
Published-04 Apr, 2024 | 19:20
Updated-30 Jun, 2025 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: HTTP Response Splitting in multiple modules

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Action-Not Available
Vendor-Broadcom Inc.Debian GNU/LinuxFedora ProjectThe Apache Software FoundationApple Inc.NetApp, Inc.
Product-ontapontap_toolshttp_serverdebian_linuxfabric_operating_systemfedoramacosApache HTTP Server
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Details not found