apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-113,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apt-cacher-ng_project | apt-cacher-ng | * |
| apt-cacher_project | apt-cacher | * |