CVE-2017-12309 CVSS:0.0
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705. (Last Update:2017-11-17) (Publish Update:2017-11-16)
CVE-2017-7459 CVSS:5.0
ntopng before 3.0 allows HTTP Response Splitting. (Last Update:2017-06-29) (Publish Update:2017-06-26)
CVE-2017-7443 CVSS:4.3
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. (Last Update:2017-04-12) (Publish Update:2017-04-05)
CVE-2017-7320 CVSS:4.3
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. (Last Update:2017-03-31) (Publish Update:2017-03-30)
CVE-2017-5868 CVSS:4.3
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. (Last Update:2017-06-06) (Publish Update:2017-05-25)
CVE-2017-1503 CVSS:4.3
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. (Last Update:2017-11-05) (Publish Update:2017-10-10)
CVE-2017-1291 CVSS:3.5
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152. (Last Update:2017-05-31) (Publish Update:2017-05-26)
CVE-2016-8743 CVSS:5.0
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (Last Update:2017-11-13) (Publish Update:2017-07-27)
CVE-2016-6839 CVSS:4.3
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (Last Update:2016-09-08) (Publish Update:2016-09-07)
CVE-2016-6484 CVSS:4.3
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. (Last Update:2017-01-25) (Publish Update:2017-01-23)
This vulnerability list widget is provided by www.cvedetails.com