Primary

Context

HotelRunner B2B HTTP Response Splitting Vulnerability Due to Improper Certificate Validation

Vulnerability

A vulnerability allowing HTTP response splitting has been identified in HotelRunner B2B, prior to June 4, 2025. This issue arises from improper validation of certificates, leading to a host mismatch.

Impact

Exploitation of this vulnerability could allow for HTTP response splitting, which can be used in various attacks such as web cache poisoning or cross-site scripting.

Remediation

Users are advised to upgrade to versions released on or after June 4, 2025.

Added: Jul 22, 2025, 2:22 PM

Updated: Jul 22, 2025, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HotelRunner B2B HTTP Response Splitting Vulnerability Due to Improper Certificate Validation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating