CVE-2016-1133 - Unspecified vulnerability in Dena H2O
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | LOW |
Availability impact | NONE |
Summary
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Dena | 32 |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_6C808811BB9A11E5A65C485D605F4717.NASL |
description | Yakuzo OKU reports: When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 87960 |
published | 2016-01-18 |
reporter | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/87960 |
title | FreeBSD : h2o -- directory traversal vulnerability (6c808811-bb9a-11e5-a65c-485d605f4717) |
References
- http://jvn.jp/en/jp/JVN45928828/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003
- https://github.com/h2o/h2o/issues/682
- https://github.com/h2o/h2o/issues/684
- https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133