Vulnerabilities > Improper Neutralization of CRLF Sequences ('CRLF Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-06-12 CVE-2015-9097 CRLF Injection vulnerability in Mail Project Mail
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
network
low complexity
mail-project CWE-93
6.1
2017-06-12 CVE-2015-9096 CRLF Injection vulnerability in Ruby-Lang Ruby
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
network
low complexity
ruby-lang CWE-93
6.1
2017-05-26 CVE-2017-5868 CRLF Injection vulnerability in OpenVPN Access Server 2.1.4
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.
network
low complexity
openvpn CWE-93
6.1
2017-05-05 CVE-2017-8791 CRLF Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210
An issue was discovered on Accellion FTA devices before FTA_9_12_180.
network
low complexity
accellion CWE-93
6.1
2017-05-05 CVE-2017-8788 CRLF Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210
An issue was discovered on Accellion FTA devices before FTA_9_12_180.
network
low complexity
accellion CWE-93
6.1
2017-04-28 CVE-2017-2111 CRLF Injection vulnerability in Iodata products
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, and TS-PTCAM/POE firmware version 1.18 and earlier may allow remote attackers to display false information.
network
low complexity
iodata CWE-93
6.1
2017-03-07 CVE-2017-6508 CRLF Injection vulnerability in GNU Wget
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
network
low complexity
gnu CWE-93
6.1
2017-01-23 CVE-2016-6484 CRLF Injection vulnerability in Infoblox NetMRI
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
network
low complexity
infoblox CWE-93
6.1
2016-12-16 CVE-2016-9964 CRLF Injection vulnerability in multiple products
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
network
low complexity
bottlepy debian CWE-93
6.5
2016-08-08 CVE-2016-5331 CRLF Injection vulnerability in VMware ESXi and vCenter Server
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
low complexity
vmware CWE-93
6.1