CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

135 vulnerabilities with CWE-93
CVE-2016-9964 (MEDIUM, CVSS 6.5): Bottle 0.12.10 - Open Redirect
CVE-2016-4993 (MEDIUM, CVSS 6.1): WildFly <7.0.2 - CRLF Injection
CVE-2016-5331 (MEDIUM, CVSS 6.1): VMware vCenter Server <6.0 - Code Injection
CVE-2015-9097 (MEDIUM, CVSS 6.1): Mail < 2.5.4 - Command Injection
CVE-2015-9096 (MEDIUM, CVSS 6.1): Ruby < 2.4.0 - Command Injection
CVE-2015-0770: Cisco TelePresence TC <6.3.4-7.3.3 - CRLF Injection
CVE-2014-9563 (MEDIUM, CVSS 4.9): Unify OpenStage/OpenScape <R3.32.0 - CRLF Injection
CVE-2014-2017 (MEDIUM, CVSS 6.1): OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CVE-2014-9564 (MEDIUM, CVSS 6.1): IBM Flex System EN6131-IB6131 40Gb - CRLF Injection
CVE-2007-0892: phpMyVisites <2.2 - CRLF Injection