VYPR

CWE-644

Improper Neutralization of HTTP Headers for Scripting Syntax

Variant | Incomplete | Likelihood: High

Description

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (22)

page 2 of 2
  • CVE-2021-41114 (Oct 5, 2021)
    risk 0.00 cvss epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate…

  • CVE-2021-21265 (Mar 10, 2021)
    risk 0.00 cvss epss 0.02

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential…