CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability o...

MiracleLinux 7 : ruby-2.0.0.648-36.el7 (AXSA:2019-4276:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4276:03 advisory. ruby: HTTP response splitting in WEBrick CVE-2017-17742 ruby: DoS by large request in WEBrick CVE-2018-8777 ruby: Buffer under-read in Stringunpack...

HTTP Response Splitting

Overview blacksheep is a Fast web framework for Python asyncio Affected versions of this package are vulnerable to HTTP Response Splitting via the Client implementation. An attacker can manipulate HTTP requests or inject additional headers by supplying specially input containing carriage return a...

CVE-2022-37240

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...

CVE-2022-42472

A improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10,...

CVE-2013-6009

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet...

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

EulerOS Virtualization 2.13.1 : httpd (EulerOS-SA-2025-2543)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

TencentOS Server 3: ruby:3.1 (TSSA-2024:0106)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0106 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2025-2359)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2328)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...

EUVD-2014-6037

Malware in sbrugna...

EUVD-2019-9280

Malware in sbrugna...

EUVD-2016-0913

Malware in sbrugna...

EUVD-2020-4051

Malware in sbrugna...