Vulnerabilities > CVE-2016-1133 - Unspecified vulnerability in Dena H2O

CVSS 3.7 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

high complexity

dena

nessus

NVD

Published: 2016-01-16

Updated: 2021-04-19

Summary

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.

Vulnerable Configurations

Part	Description	Count
Application	Dena Dena H2O 0.9.0 Dena H2O 0.9.1 Dena H2O 0.9.2 Dena H2O 1.0.0 Dena H2O 1.0.1 Dena H2O 1.1.0 Dena H2O 1.1.1 Dena H2O 1.2.0 Dena H2O 1.3.0 Dena H2O 1.3.1 Dena H2O 1.4.0 Dena H2O 1.4.1 Dena H2O 1.4.2 Dena H2O 1.4.3 Dena H2O 1.4.4 Dena H2O 1.4.5 Dena H2O 1.5.0 Dena H2O 1.5.1 Dena H2O 1.5.2 Dena H2O 1.5.3 Dena H2O 1.5.4 Dena H2O 1.5.5 Dena H2O 1.6.0 Dena H2O 1.6.1 Dena H2O 1.7.0	32

Nessus

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_6C808811BB9A11E5A65C485D605F4717.NASL
description	Yakuzo OKU reports : When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response.
last seen	2020-06-01
modified	2020-06-02
plugin id	87960
published	2016-01-18
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87960
title	FreeBSD : h2o -- directory traversal vulnerability (6c808811-bb9a-11e5-a65c-485d605f4717)

Summary

Vulnerable Configurations

Nessus

References