CVE-2016-2216

2016-04-07T17:59:02
ID CVE-2016-2216
Type cve
Reporter NVD
Modified 2017-06-30T21:29:38

Description

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.