CVE-2017-7459 CVSS:5.0
ntopng before 3.0 allows HTTP Response Splitting. (Last Update:2017-06-29) (Publish Update:2017-06-26)
CVE-2017-7443 CVSS:4.3
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. (Last Update:2017-04-12) (Publish Update:2017-04-05)
CVE-2017-7320 CVSS:4.3
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. (Last Update:2017-03-31) (Publish Update:2017-03-30)
CVE-2017-5868 CVSS:4.3
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. (Last Update:2017-06-06) (Publish Update:2017-05-25)
CVE-2017-1291 CVSS:3.5
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152. (Last Update:2017-05-31) (Publish Update:2017-05-26)
CVE-2016-6839 CVSS:4.3
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (Last Update:2016-09-08) (Publish Update:2016-09-07)
CVE-2016-6484 CVSS:4.3
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. (Last Update:2017-01-25) (Publish Update:2017-01-23)
CVE-2016-5331 CVSS:4.3
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (Last Update:2016-11-28) (Publish Update:2016-08-07)
CVE-2016-5325 CVSS:4.3
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. (Last Update:2017-06-30) (Publish Update:2016-10-10)
CVE-2016-4993 CVSS:4.3
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (Last Update:2016-11-28) (Publish Update:2016-09-26)
This vulnerability list widget is provided by www.cvedetails.com