CVE-2020-11709

cpp-httplib through 0.5.8 does not filter rn in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. (CVSS:5.0) (Concluding Update:2020-04-13)

2020-04-11T20:00:00-04:00April 11th, 2020|HTTP Response Splitting|

CVE-2020-11703

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. (CVSS:5.0) (Concluding Update:2020-04-13)

2020-04-11T20:00:00-04:00April 11th, 2020|HTTP Response Splitting|

CVE-2020-7622

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting. (CVSS:7.5) (Terminal Update:2021-08-03)

2020-04-05T20:00:00-04:00April 5th, 2020|HTTP Response Splitting|
Go to Top