VYPR

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Abstraction: Variant · Status: Incomplete

Description

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
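The description above in working form, as an added example written for this page (it is not part of the CWE entry and is not code from any project in the CVE list below). The builder, parser, payload and helper names are constructed for the illustration: `build_response_naive` copies header values into the wire format untouched, `parse_responses` reads the bytes the way a simple downstream client or proxy would and shows the single response becoming two, and `build_response_safe` refuses any header name or value that could end a line or the header block.

```python
"""
Added example (not part of this CWE entry or of any project listed below):
a minimal HTTP/1.1 response builder that reproduces CWE-113, a parser that
shows how a downstream client or proxy reads the result as two responses,
and a hardened builder that rejects CR/LF/NUL in header names and values.
All names and the injected payload are constructed for this illustration.
"""
import re

CRLF = "\r\n"

# Constructed attacker input: a "redirect target" that closes the real
# response (Content-Length: 0) and starts a second, attacker-controlled one.
INJECTED_LOCATION = (
    "/"
    + CRLF + "Content-Length: 0"
    + CRLF + CRLF
    + "HTTP/1.1 200 OK"
    + CRLF + "Content-Type: text/html"
    + CRLF + "Content-Length: 25"
    + CRLF + CRLF
    + "<script>alert(1)</script>"
)


def build_response_naive(status, headers, body=""):
    """Vulnerable: header values are copied into the wire format untouched."""
    lines = [f"HTTP/1.1 {status}"] + [f"{name}: {value}" for name, value in headers]
    return CRLF.join(lines) + CRLF + CRLF + body


# RFC 7230 'token' character set, used for header field names.
_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


class HeaderInjectionError(ValueError):
    """Raised instead of emitting a header that would split the message."""


def check_header(name, value):
    """Reject anything that could terminate a header line or the header block.

    CR, LF and NUL are the characters that matter for splitting; other C0
    controls (except HTAB) and DEL are refused too, since RFC 7230 forbids
    them in field values and some parsers treat them as line ends.
    """
    if not _TOKEN.match(name):
        raise HeaderInjectionError(f"illegal header name {name!r}")
    for ch in value:
        if ch in "\r\n\x00" or (ord(ch) < 0x20 and ch != "\t") or ord(ch) == 0x7F:
            raise HeaderInjectionError(f"control character {ch!r} in value of {name}")
    return value


def rejects(name, value):
    """True if check_header refuses this header (handy for tests and audits)."""
    try:
        check_header(name, value)
    except HeaderInjectionError:
        return True
    return False


def build_response_safe(status, headers, body=""):
    """Hardened: same wire format as the naive builder, every header checked first."""
    checked = [(name, check_header(name, value)) for name, value in headers]
    return build_response_naive(status, checked, body)


def parse_responses(raw):
    """How a simple HTTP/1.1 client or proxy reads a stream: status line,
    headers, a Content-Length-delimited body, then the next message.
    Returns a list of (status_line, headers_dict, body) tuples."""
    responses = []
    pos = 0
    while pos < len(raw):
        while raw.startswith(CRLF, pos):  # tolerate blank lines between messages
            pos += 2
        if pos >= len(raw):
            break
        head_end = raw.find(CRLF + CRLF, pos)
        if head_end == -1:
            break
        status_line, *field_lines = raw[pos:head_end].split(CRLF)
        fields = {}
        for line in field_lines:
            name, _, value = line.partition(":")
            fields[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        length = int(fields.get("content-length", "0"))
        responses.append((status_line, fields, raw[body_start:body_start + length]))
        pos = body_start + length
    return responses


if __name__ == "__main__":
    split = parse_responses(build_response_naive("302 Found", [("Location", INJECTED_LOCATION)]))
    print(f"naive builder: downstream parser sees {len(split)} responses")
    print("second response body:", split[1][2])
    try:
        build_response_safe("302 Found", [("Location", INJECTED_LOCATION)])
    except HeaderInjectionError as e:
        print("safe builder refused:", e)
```

Rejecting is preferred over silently stripping CR and LF: a stripped value is still attacker-shaped and the application never learns it was attacked, whereas a raised error can be logged and the request refused. Real servers and frameworks do this check in their header-setting API, which is why the fixes in the Puma, Armeria and Netty entries below are in the server layer rather than in each application.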

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-105 · CAPEC-31 · CAPEC-34 · CAPEC-85

CVEs mapped to this weakness (72)

page 4 of 4
  • CVE-2020-28483 · Jan 20, 2021
    risk 0.00 · cvss n/a · epss 0.01

    This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

  • CVE-2020-5249 · Mar 2, 2020
    risk 0.00 · cvss n/a · epss 0.02

    In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body.…

  • CVE-2020-5247 · Feb 28, 2020
    risk 0.00 · cvss n/a · epss 0.02

    In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or `\r`, `\n`) to end the header and inject malicious content, such as additional headers or an…

  • CVE-2019-10797 · Feb 19, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.

  • CVE-2020-5216 · Jan 23, 2020
    risk 0.00 · cvss n/a · epss 0.01

    In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header…

  • CVE-2019-16771 · Dec 6, 2019
    risk 0.00 · cvss n/a · epss 0.01

    Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has…

  • CVE-2015-0733 · May 30, 2015
    risk 0.00 · cvss n/a · epss 0.02

    CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted…

  • CVE-2014-0099 · May 31, 2014
    risk 0.00 · cvss n/a · epss 0.09

    Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP…

  • CVE-2012-6072 · Feb 24, 2013
    risk 0.00 · cvss n/a · epss 0.02

    CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…

  • CVE-2011-4203 · Dec 22, 2011
    risk 0.00 · cvss n/a · epss 0.01

    CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving…

  • CVE-2009-1149 · Mar 26, 2009
    risk 0.00 · cvss n/a · epss 0.01

    CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

  • CVE-2007-5595 · Oct 19, 2007
    risk 0.00 · cvss n/a · epss 0.02

    CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.