Vulnerabilities > Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-03 | CVE-2017-17742 | HTTP Response Splitting vulnerability in multiple products Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. | 5.3 |
| 2017-12-20 | CVE-2017-1262 | HTTP Response Splitting vulnerability in IBM Security Guardium IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. | 6.1 |
| 2017-11-16 | CVE-2017-12309 | HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105 A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. | 5.3 |
| 2017-08-28 | CVE-2015-1445 | HTTP Response Splitting vulnerability in Fli4L 3.10.0/4.0 HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. | 7.2 |
| 2017-04-05 | CVE-2017-7443 | HTTP Response Splitting vulnerability in multiple products apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. | 6.1 |
| 2017-03-14 | CVE-2016-8024 | HTTP Response Splitting vulnerability in Mcafee Virusscan Enterprise Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing. | 8.1 |
| 2016-10-10 | CVE-2016-5325 | HTTP Response Splitting vulnerability in multiple products CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | 6.1 |
| 2016-09-26 | CVE-2016-4993 | HTTP Response Splitting vulnerability in Redhat Jboss Enterprise Application Platform CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |
| 2016-09-07 | CVE-2016-6839 | HTTP Response Splitting vulnerability in Huawei Fusionaccess V100R005C10/V100R005C20/V100R005C30 CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |
| 2016-09-02 | CVE-2016-5699 | HTTP Response Splitting vulnerability in Python CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | 6.1 |