Description
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
https://jvn.jp/en/jp/JVN32155106/index.html
Permissions Required, Vendor Advisory x_refsource_misc
https://download.daj.co.jp/user/ifilter/V9/
Scores
CVSS v3
6.1
EPSS
0.0083
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-113
Status
published
Products (1)
daj/i-filter
< 9.50r05
Published
Jan 09, 2019
Tracked Since
Feb 18, 2026