An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. (CVSS:4.0) (Final Update:2021-08-12)

2021-08-04T20:00:00-04:00August 4th, 2021|HTTP Response Splitting|


SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. (CVSS:4.3) (Final Update:2021-07-15)

2021-06-15T20:00:00-04:00June 15th, 2021|HTTP Response Splitting|


An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiation information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no specific admittance or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1. (CVSS:5.8) (Closing Update:2021-04-28)

2021-04-21T20:00:00-04:00April 21st, 2021|HTTP Response Splitting|


IBM Security Admittance Manager 9.0.7 and IBM Security Verify Admittance 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain easily broken information. IBM X-Force ID: 165960. (CVSS:5.8) (Closing Update:2020-10-20)

2020-10-14T20:00:00-04:00October 14th, 2020|HTTP Response Splitting|


An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Owed to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. (CVSS:4.0) (Final Update:2021-03-04)

2020-09-01T20:00:00-04:00September 1st, 2020|HTTP Response Splitting|


Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. (CVSS:5.0) (Terminal Update:2020-07-29)

2020-07-26T20:00:00-04:00July 26th, 2020|HTTP Response Splitting|


Cybele Thinfinity VirtualUI allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. (CVSS:4.3) (Final Update:2021-07-21)

2020-06-03T20:00:00-04:00June 3rd, 2020|HTTP Response Splitting|


cpp-httplib through 0.5.8 does not filter rn in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. (CVSS:5.0) (Concluding Update:2020-04-13)

2020-04-11T20:00:00-04:00April 11th, 2020|HTTP Response Splitting|


An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. (CVSS:5.0) (Concluding Update:2020-04-13)

2020-04-11T20:00:00-04:00April 11th, 2020|HTTP Response Splitting|


This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting. (CVSS:7.5) (Terminal Update:2021-08-03)

2020-04-05T20:00:00-04:00April 5th, 2020|HTTP Response Splitting|
Go to Top