Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-113

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Parent: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

97 vulnerabilities with CWE-113

CVE-2018-16181 MEDIUM

i-FILTER <9.50R05 - HTTP Header Injection

CVE-2018-0689 HIGH

SEIKO EPSON - HTTP Header Injection

CVE-2018-13814 HIGH

SIMATIC HMI and WinCC < V14 - HTTP Header Injection via Integrated Web Server

CVE-2018-11347 HIGH

YunoHost 2.7.2-2.7.14 - HTTP Response Header Injection

CVE-2018-7830 HIGH

Modicon M340, Premium, Quantum, and BMXNOR0200 Firmware - Denial of Service via HTTP Response Splitting

CVE-2018-16979 MEDIUM

Monstra CMS V3.0.4 - HTTP Header Injection

CVE-2018-3911 HIGH

Samsung SmartThings Hub STH-ETH-250 - Firmware 0.20.17 - HTTP Heade...

CVE-2018-1067 MEDIUM

Undertow <7.1.2.CR1-7.1.2.GA - Command Injection

CVE-2017-7528 MEDIUM

Ansible Tower - CRLF Injection via X-Forwarded-For Header

CVE-2017-17742 MEDIUM

Ruby <2.2.10-2.6.0 - Info Disclosure

CVE-2017-12308 MEDIUM

Cisco Small Business Managed Switches - HTTP Response Splitting

CVE-2017-1262 MEDIUM

IBM Security Guardium 10.0 - HTTP Response Splitting via Crafted URL

CVE-2017-12309 MEDIUM

Cisco Email Security Appliance - XSS

CVE-2017-7443 MEDIUM

apt-cacher <1.7.15-apt-cacher-ng <3.4 - XSS

CVE-2016-8024 HIGH

Intel Security VSEL <2.0.3 - Info Disclosure

CVE-2016-5325 MEDIUM

Node.js HTTP Response Splitting via ServerResponse#writeHead

CVE-2016-4993 MEDIUM

Red Hat JBoss Enterprise Application Platform < 7.0.1 - HTTP Response Splitting via Undertow Web Server

CVE-2016-6839 MEDIUM

Huawei FusionAccess <V100R006C00 - CRLF Injection

CVE-2016-5699 MEDIUM

CPython < 2.7.9 - HTTP Header Injection via CRLF Sequences in HTTPConnection.putheader

CVE-2015-1445 HIGH

fli4l < 3.10.1 and 4.0 before 2015-01-30 - HTTP Header Injection

Cisco Headend Digital Broadband Delivery System - HTTP Response Splitting via CRLF Injection

Drupal <4.7.8, <5.3 - CRLF Injection

Previous Page 4 of 4

Details

Vulnerabilities 97

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy