Total: 64 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-9096 | 1 Ruby-lang | 1 Ruby | 2024-08-06 | N/A |
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. | ||||
CVE-2015-0770 | 1 Cisco | 1 Telepresence Tc Software | 2024-08-06 | N/A |
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. | ||||
CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | ||||
CVE-2016-9964 | 2 Bottlepy, Debian | 2 Bottle, Debian Linux | 2024-08-06 | N/A |
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | ||||
CVE-2016-6484 | 1 Infoblox | 1 Netmri | 2024-08-06 | N/A |
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | ||||
CVE-2016-5331 | 1 Vmware | 2 Esxi, Vcenter Server | 2024-08-06 | N/A |
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
CVE-2016-4993 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-08-06 | N/A |
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
CVE-2017-18587 | 1 Hyper | 1 Hyper | 2024-08-05 | N/A |
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers. | ||||
CVE-2017-15400 | 1 Google | 1 Chrome Os | 2024-08-05 | N/A |
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. | ||||
CVE-2024-1226 | | | 2024-08-05 | 7.5 High |
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks. | ||||
CVE-2017-8791 | 1 Accellion | 1 File Transfer Appliance | 2024-08-05 | N/A |
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | ||||
CVE-2017-8788 | 1 Accellion | 1 File Transfer Appliance | 2024-08-05 | N/A |
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | ||||
CVE-2017-7528 | 1 Redhat | 2 Ansible Tower, Cloudforms Management Engine | 2024-08-05 | N/A |
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback). | ||||
CVE-2017-6508 | 1 Gnu | 1 Wget | 2024-08-05 | N/A |
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | ||||
CVE-2017-5868 | 1 Openvpn | 1 Openvpn Access Server | 2024-08-05 | N/A |
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. | ||||
CVE-2017-2111 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam/poe, Ts-ptcam/poe Firmware and 11 more | 2024-08-05 | N/A |
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow remote attackers to display false information. | ||||
CVE-2018-1000164 | 2 Debian, Gunicorn | 2 Debian Linux, Gunicorn | 2024-08-05 | N/A |
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. | ||||
CVE-2018-19585 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | ||||
CVE-2018-12537 | 2 Eclipse, Redhat | 3 Vert.x, Jboss Fuse, Openshift Application Runtimes | 2024-08-05 | N/A |
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response. | ||||
CVE-2018-6148 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |