CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Parent: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

82 vulnerabilities with CWE-113
CVE-2016-5325 (MEDIUM, CVSS 6.1): Node.js <6.7.0 - CRLF Injection
CVE-2016-4993 (MEDIUM, CVSS 6.1): WildFly <7.0.2 - CRLF Injection
CVE-2016-6839 (MEDIUM, CVSS 6.1): Huawei FusionAccess <V100R006C00 - CRLF Injection
CVE-2016-5699 (MEDIUM, CVSS 6.1): CPython <2.7.10, <3.4.4 - RCE
CVE-2015-1445 (HIGH, CVSS 7.2): httpd - HTTP Header Injection
CVE-2015-0733: Cisco Headend Digital Broadband Delivery System - XSS
CVE-2007-5595: Drupal <4.7.8, <5.3 - CRLF Injection