Vulnerabilities > Improper Neutralization of CRLF Sequences ('CRLF Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-09 | CVE-2018-12477 | CRLF Injection vulnerability in Opensuse Leap 15.0/42.3 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. | 7.5 |
| 2018-08-22 | CVE-2017-7528 | CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. | 3.3 |
| 2018-08-14 | CVE-2016-4975 | CRLF Injection vulnerability in Apache Http Server Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. | 6.1 |
| 2018-04-18 | CVE-2018-1000164 | CRLF Injection vulnerability in multiple products gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. | 5.0 |
| 2018-04-12 | CVE-2014-9563 | CRLF Injection vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd. | 4.0 |
| 2018-02-07 | CVE-2017-15400 | CRLF Injection vulnerability in Google Chrome OS Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. | 7.8 |
| 2018-01-18 | CVE-2014-2017 | CRLF Injection vulnerability in Oxidforge Eshop CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.8 |
| 2017-08-30 | CVE-2017-14037 | CRLF Injection vulnerability in Crushftp CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. | 4.3 |
| 2017-08-25 | CVE-2014-9564 | CRLF Injection vulnerability in IBM En6131 Firmware and Ib6131 Firmware CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. | 4.3 |
| 2017-06-12 | CVE-2015-9097 | CRLF Injection vulnerability in Mail Project Mail The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. | 4.3 |