CVE-2016-1133 - Unspecified vulnerability in Dena H2O 1.7.0
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html)
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_6C808811BB9A11E5A65C485D605F4717.NASL |
description | Yakuzo OKU reports : When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 87960 |
published | 2016-01-18 |
reporter | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/87960 |
title | FreeBSD : h2o -- directory traversal vulnerability (6c808811-bb9a-11e5-a65c-485d605f4717) |