CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return / line feed) sequences as a special element, e.g. to separate lines or records, but it does not neutralize, or incorrectly neutralizes, CRLF sequences in its inputs.

174 vulnerabilities with CWE-93
CVE-2018-1000164 (HIGH, CVSS 7.5): gunicorn < 19.5.0 - HTTP Header Injection via CRLF in process_headers
CVE-2017-18587 (MEDIUM, CVSS 5.3): hyper < 0.9.18 and 0.10.0-0.10.2 - CRLF Injection in Headers
CVE-2017-7528 (MEDIUM, CVSS 5.2): Ansible Tower - CRLF Injection via X-Forwarded-For Header
CVE-2017-15400 (HIGH, CVSS 7.8): CUPS <62.0.3202.74 - Command Injection
CVE-2017-14037 (MEDIUM, CVSS 6.1): CrushFTP <7.8.0, <8.2.0 - Info Disclosure
CVE-2017-5868 (MEDIUM, CVSS 6.1): OpenVPN Access Server 2.1.4 - CRLF Injection
CVE-2017-8791 (MEDIUM, CVSS 6.1): Accellion FTA <FTA_9_12_180 - Auth Bypass
CVE-2017-8788 (MEDIUM, CVSS 6.1): Accellion FTA <FTA_9_12_180 - Info Disclosure
CVE-2017-2111 (MEDIUM, CVSS 6.1): I-O DATA DEVICE Firmware - HTTP Header Injection
CVE-2017-6508 (MEDIUM, CVSS 6.1): GNU Wget < 1.19.1 - HTTP Header Injection via CRLF Sequences in URL Host
CVE-2016-10803 (HIGH, CVSS 7.5): cPanel <57.9999.105 - Info Disclosure
CVE-2016-4975 (MEDIUM, CVSS 6.1): Apache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
CVE-2016-6484 (MEDIUM, CVSS 6.1): Infoblox Network Automation <7.1.1 - CRLF Injection
CVE-2016-9964 (MEDIUM, CVSS 6.5): bottle 0.12.10 - CRLF Injection via redirect() Function
CVE-2016-4993 (MEDIUM, CVSS 6.1): Red Hat JBoss Enterprise Application Platform < 7.0.1 - HTTP Response Splitting via Undertow Web Server
CVE-2016-5331 (MEDIUM, CVSS 6.1): VMware vCenter Server <6.0 - Code Injection
CVE-2016-3115 (MEDIUM, CVSS 6.4): OpenSSH < 7.2 - Authenticated Command Restriction Bypass via X11 Forwarding CRLF Injection
CVE-2015-9097 (MEDIUM, CVSS 6.1): mail < 2.5.5 - SMTP Command Injection via CRLF Sequences in RCPT TO or MAIL FROM
CVE-2015-9096 (MEDIUM, CVSS 6.1): Ruby < 2.4.0 - SMTP Command Injection via CRLF Sequences in RCPT TO or MAIL FROM
CVE-2015-0770: Cisco TelePresence TC <6.3.4-7.3.3 - CRLF Injection
CVE-2014-9563 (MEDIUM, CVSS 4.9): Unify OpenStage/OpenScape <R3.32.0 - CRLF Injection
CVE-2014-2017 (MEDIUM, CVSS 6.1): OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CVE-2014-9564 (MEDIUM, CVSS 6.1): IBM Flex System EN6131-IB6131 40Gb - CRLF Injection
CVE-2007-0892: phpMyVisites < 2.2 - CRLF Injection via URL Parameter