CVE-2016-1133 - Unspecified vulnerability in Dena H2O 1.7.0

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI. CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html)

Vulnerable Configurations

Part: Application
Description: Dena
Count: 1

Nessus

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_6C808811BB9A11E5A65C485D605F4717.NASL
description: Yakuzo OKU reports : When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87960
published: 2016-01-18
reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87960
title: FreeBSD : h2o -- directory traversal vulnerability (6c808811-bb9a-11e5-a65c-485d605f4717)