| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-42472 |
436 |
|
Http R.Spl. |
2023-02-16 |
2023-02-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. |
|
2 |
CVE-2022-42471 |
|
|
Http R.Spl. |
2023-01-03 |
2023-01-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. |
|
3 |
CVE-2022-41915 |
113 |
|
Http R.Spl. |
2022-12-13 |
2023-03-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values. |
|
4 |
CVE-2022-37953 |
|
|
Http R.Spl. |
2022-08-25 |
2022-08-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. |
|
5 |
CVE-2022-37242 |
|
|
Http R.Spl. |
2022-08-25 |
2022-08-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. |
|
6 |
CVE-2022-37240 |
|
|
Http R.Spl. |
2022-08-25 |
2022-08-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. |
|
7 |
CVE-2022-20772 |
74 |
|
Http R.Spl. |
2022-11-04 |
2022-11-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. |
|
8 |
CVE-2021-45818 |
74 |
|
Http R.Spl. |
2021-12-30 |
2023-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. |
|
9 |
CVE-2021-41437 |
436 |
|
Http R.Spl. |
2022-09-26 |
2022-09-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. |
|
10 |
CVE-2021-41084 |
74 |
|
Http R.Spl. |
2021-09-21 |
2022-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening. |
|
11 |
CVE-2021-40336 |
352 |
|
Http R.Spl. |
2022-07-25 |
2022-08-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions. |
|
12 |
CVE-2021-33621 |
436 |
|
Http R.Spl. |
2022-11-18 |
2023-01-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. |
|
13 |
CVE-2021-32598 |
444 |
|
Http R.Spl. |
2021-08-05 |
2021-08-12 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. |
|
14 |
CVE-2021-28979 |
74 |
|
Http R.Spl. |
2021-06-16 |
2022-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. |
|
15 |
CVE-2021-0268 |
74 |
|
Overflow XSS Http R.Spl. |
2021-04-22 |
2022-08-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1. |
|
16 |
CVE-2020-15811 |
444 |
|
Http R.Spl. Bypass |
2020-09-02 |
2021-03-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. |
|
17 |
CVE-2020-11709 |
74 |
|
Http R.Spl. |
2020-04-12 |
2020-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. |
|
18 |
CVE-2020-11703 |
74 |
|
Http R.Spl. |
2020-04-12 |
2020-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. |
|
19 |
CVE-2020-7695 |
74 |
|
Http R.Spl. |
2020-07-27 |
2023-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. |
|
20 |
CVE-2020-7622 |
|
|
Http R.Spl. |
2020-04-06 |
2021-08-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting. |
|
21 |
CVE-2020-6858 |
74 |
|
Http R.Spl. |
2020-03-12 |
2020-03-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header. |
|
22 |
CVE-2020-6181 |
|
|
Http R.Spl. |
2020-02-12 |
2020-02-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. |
|
23 |
CVE-2020-5249 |
74 |
|
XSS Http R.Spl. |
2020-03-02 |
2020-04-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4. |
|
24 |
CVE-2020-5247 |
113 |
|
XSS Http R.Spl. |
2020-02-28 |
2022-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. |
|
25 |
CVE-2019-25101 |
113 |
|
Http R.Spl. |
2023-02-04 |
2023-02-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. |
|
26 |
CVE-2019-19670 |
|
|
XSS Http R.Spl. |
2020-02-10 |
2020-02-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. |
|
27 |
CVE-2019-19389 |
74 |
|
Http R.Spl. |
2019-12-26 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. |
|
28 |
CVE-2019-17513 |
74 |
|
Http R.Spl. |
2019-10-18 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. |
|
29 |
CVE-2019-16771 |
74 |
|
XSS Http R.Spl. |
2019-12-06 |
2019-12-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. |
|
30 |
CVE-2019-16385 |
79 |
|
XSS Http R.Spl. |
2020-06-04 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. |
|
31 |
CVE-2019-16254 |
74 |
|
Http R.Spl. |
2019-11-26 |
2020-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. |
|
32 |
CVE-2019-15259 |
74 |
|
XSS Http R.Spl. |
2019-10-02 |
2020-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits. |
|
33 |
CVE-2019-10797 |
|
|
Http R.Spl. |
2020-02-19 |
2020-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. |
|
34 |
CVE-2019-5314 |
74 |
|
XSS Http R.Spl. |
2019-09-13 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. |
|
35 |
CVE-2019-4552 |
|
|
XSS Http R.Spl. +Info |
2020-10-15 |
2020-10-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. |
|
36 |
CVE-2019-4461 |
74 |
|
XSS Http R.Spl. +Info |
2019-10-25 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682. |
|
37 |
CVE-2019-4396 |
74 |
|
XSS Http R.Spl. +Info |
2019-10-25 |
2020-08-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236. |
|
38 |
CVE-2018-16181 |
113 |
|
Http R.Spl. |
2019-01-09 |
2019-02-01 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors. |
|
39 |
CVE-2018-11347 |
113 |
|
Http R.Spl. |
2018-12-04 |
2019-02-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning. |
|
40 |
CVE-2018-7830 |
113 |
|
DoS Http R.Spl. |
2018-11-30 |
2018-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. |
|
41 |
CVE-2018-6603 |
79 |
|
XSS Http R.Spl. |
2018-02-07 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. |
|
42 |
CVE-2018-1549 |
74 |
|
XSS Http R.Spl. +Info |
2018-07-10 |
2020-08-24 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658. |
|
43 |
CVE-2018-1474 |
74 |
|
XSS Http R.Spl. +Info |
2018-12-12 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692. |
|
44 |
CVE-2018-1319 |
74 |
|
XSS Http R.Spl. |
2018-03-15 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session. |
|
45 |
CVE-2018-1067 |
113 |
|
Http R.Spl. |
2018-05-21 |
2020-07-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. |
|
46 |
CVE-2017-17742 |
113 |
|
Http R.Spl. |
2018-04-03 |
2020-08-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. |
|
47 |
CVE-2017-12309 |
113 |
|
XSS Http R.Spl. |
2017-11-16 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705. |
|
48 |
CVE-2017-12308 |
|
|
Exec Code Http R.Spl. |
2018-01-18 |
2020-09-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980. |
|
49 |
CVE-2017-7459 |
74 |
|
Http R.Spl. |
2017-06-26 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
ntopng before 3.0 allows HTTP Response Splitting. |
|
50 |
CVE-2017-7443 |
113 |
|
Http R.Spl. |
2017-04-05 |
2017-04-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. |
