CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
82 vulnerabilities with CWE-113
CVE-2024-52875 | HIGH | GFI Kerio Control < 9.4.5 - XSS | CVSS 8.8
CVE-2024-45687 | LOW | Payara Platform <6.21.0 - HTTP Request/Response Splitting
CVE-2024-54021 | MEDIUM | Fortinet FortiOS <7.6.0 - SSRF | CVSS 6.5
CVE-2024-42487 | MEDIUM | Cilium <1.15.8-1.16.1 - Info Disclosure | CVSS 4.0
CVE-2024-40324 | MEDIUM | E-Staff <5.1 - HTTP Response Splitting | CVSS 5.4
CVE-2024-20392 | MEDIUM | Cisco AsyncOS Software - XSS | CVSS 6.1
CVE-2024-24795 | MEDIUM | Apache HTTP Server <2.4.59 - SSRF | CVSS 6.3
CVE-2024-23644 | MEDIUM | Trillium < 0.5.4 - Interpretation Conflict | CVSS 6.8
CVE-2023-48256 | MEDIUM | Bosch Nexo-os < 1500-sp2 - Interpretation Conflict | CVSS 5.3
CVE-2023-26147 | MEDIUM | ithewei/libhv - SSRF | CVSS 5.3
CVE-2023-42450 | MEDIUM | Mastodon - SSRF | CVSS 5.4
CVE-2023-41834 | MEDIUM | Apache Flink Stateful Functions < 3.2.0 - Injection | CVSS 6.1
CVE-2023-26142 | MEDIUM | crow - SSRF | CVSS 6.5
CVE-2023-26137 | HIGH | drogonframework/drogon - SSRF | CVSS 7.2
CVE-2023-34472 | MEDIUM | AMI SPx - SSRF | CVSS 5.7
CVE-2023-0508 | LOW | Gitlab < 15.10.8 - Open Redirect | CVSS 3.1
CVE-2023-32708 | HIGH | Splunk < 8.1.14 - Interpretation Conflict | CVSS 7.2
CVE-2022-42472 | MEDIUM | Fortinet Fortiproxy < 1.1.6 - Injection | CVSS 4.2
CVE-2022-37436 | MEDIUM | Apache HTTP Server < 2.4.55 - Interpretation Conflict | CVSS 5.3
CVE-2022-42471 | MEDIUM | Fortinet Fortiweb < 6.3.21 - Injection | CVSS 5.4
CVE-2022-41915 | MEDIUM | Netty < 4.1.86 - Interpretation Conflict | CVSS 6.5
CVE-2022-20772 | MEDIUM | Cisco ESA/Secure Email and Web Manager - HTTP Response Splitting | CVSS 4.7
CVE-2022-3215 | HIGH | NIOHTTP1 - HTTP Response Injection | CVSS 7.5
CVE-2022-37953 | MEDIUM | WorkstationST <v07.09.15 - SSRF | CVSS 4.7
CVE-2021-40336 | MEDIUM | MSM Web Interface - SSRF | CVSS 5.0