Vulnerabilities > Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

DATE CVE VULNERABILITY TITLE RISK
2017-11-16 CVE-2017-12309 HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack.
network
low complexity
cisco CWE-113
5.3
2017-08-28 CVE-2015-1445 HTTP Response Splitting vulnerability in Fli4L 3.10.0/4.0
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.
network
low complexity
fli4l CWE-113
7.2
2017-04-05 CVE-2017-7443 HTTP Response Splitting vulnerability in multiple products
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
6.1
2017-03-14 CVE-2016-8024 HTTP Response Splitting vulnerability in Mcafee Virusscan Enterprise
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
network
high complexity
mcafee CWE-113
8.1
2016-10-10 CVE-2016-5325 HTTP Response Splitting vulnerability in multiple products
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
network
low complexity
nodejs suse CWE-113
6.1
2016-09-26 CVE-2016-4993 HTTP Response Splitting vulnerability in Redhat Jboss Enterprise Application Platform
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
low complexity
redhat CWE-113
6.1
2016-09-07 CVE-2016-6839 HTTP Response Splitting vulnerability in Huawei Fusionaccess V100R005C10/V100R005C20/V100R005C30
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
low complexity
huawei CWE-113
6.1
2016-09-02 CVE-2016-5699 HTTP Response Splitting vulnerability in Python
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
network
low complexity
python CWE-113
6.1