CVE-2018-1474

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain frail information. IBM X-force ID: 140692. (CVSS:4.3) (Last Update:2020-08-24)

2018-12-11T20:00:00-05:00December 11th, 2018|HTTP Response Splitting|

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning. (CVSS:6.8) (Terminal Update:2019-02-05)

2018-12-03T20:00:00-05:00December 3rd, 2018|HTTP Response Splitting|
Go to Top