CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Parent: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

82 vulnerabilities with CWE-113
CVE-2021-0268 HIGH
Juniper Networks Junos OS - Buffer Overflow
CVSS 8.8
CVE-2020-3117 MEDIUM
Cisco AsyncOS/Cisco Web Security Appliance/SMA - Info Disclosure
CVSS 4.7
CVE-2020-10753 MEDIUM
Red Hat Ceph Storage RadosGW - HTTP Header Injection
CVSS 5.4
CVE-2020-5249 MEDIUM
Puma < 3.12.3 - Injection
CVSS 6.5
CVE-2020-5247 MEDIUM
Puma < 3.12.3 - Injection
CVSS 6.5
CVE-2020-5216 MEDIUM
Twitter Secure Headers < 3.9.0 - Injection
CVSS 4.4
CVE-2019-25101 MEDIUM
OnShift TurboGears 1.0.11.10 - HTTP Response Splitting
CVSS 6.3
CVE-2019-16771 MEDIUM
Armeria <0.97.0 - SSRF
CVSS 4.8
CVE-2019-15259 MEDIUM
Cisco Unified Contact Center Express < 11.6(2) - Injection
CVSS 6.1
CVE-2018-18837 MEDIUM
Netdata 1.10.0 - HTTP Header Injection
CVSS 6.1
CVE-2018-16181 MEDIUM
i-FILTER <9.50R05 - HTTP Header Injection
CVSS 6.1
CVE-2018-0689 HIGH
SEIKO EPSON - HTTP Header Injection
CVSS 8.8
CVE-2018-13814 HIGH
SIMATIC HMI - Multiple Vulns
CVSS 8.8
CVE-2018-11347 HIGH
YunoHost 2.7.2-2.7.14 - HTTP Response Header Injection
CVSS 8.8
CVE-2018-7830 HIGH
Modicon M340-Quantum - DoS
CVSS 7.5
CVE-2018-16979 MEDIUM
Monstra CMS V3.0.4 - HTTP Header Injection
CVSS 6.1
CVE-2018-3911 HIGH
Samsung SmartThings Hub STH-ETH-250 - Firmware 0.20.17 - HTTP Heade...
CVSS 8.6
CVE-2018-1067 MEDIUM
Undertow <7.1.2.CR1-7.1.2.GA - Command Injection
CVSS 6.1
CVE-2017-7528 MEDIUM
Ansible Tower - CRLF Injection
CVSS 5.2
CVE-2017-17742 MEDIUM
Ruby <2.2.10-2.6.0 - Info Disclosure
CVSS 5.3
CVE-2017-12308 MEDIUM
Cisco Small Business Managed Switches - HTTP Response Splitting
CVSS 6.1
CVE-2017-1262 MEDIUM
IBM Security Guardium - XSS
CVSS 6.1
CVE-2017-12309 MEDIUM
Cisco Email Security Appliance - XSS
CVSS 5.3
CVE-2017-7443 MEDIUM
apt-cacher <1.7.15-apt-cacher-ng <3.4 - XSS
CVSS 6.1
CVE-2016-8024 HIGH
Intel Security VSEL <2.0.3 - Info Disclosure
CVSS 8.1