CVE-2025-8129 KoaJS Koa HTTP Header response.js back redirect

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack...

on-headers is vulnerable to http response header manipulation

Impact A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Patches Users should upgrade to 1.1.0 Workarounds Uses are encouraged to upgrade to 1.1.0, but this issue can be worked around by passing an object t...

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVE-2025-7339

CVE-2025-7339 describes a vulnerability in the on-headers Node.js middleware where a bug in versions < 1.1.0 may cause response headers to be modified when an array is passed to response.writeHead(). The issue is patched in 1.1.0; users are urged to upgrade. A workaround is to pass an object t...

The vulnerability of the Response Header Handler component in the Craft CMS system allows a hacker to execute arbitrary code.

The vulnerability of the Response Header Handler component in the Craft CMS content management system is related to errors in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

TencentOS Server 3: httpd (TSSA-2023:0026)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0026 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-5184

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the...

CVE-2025-5184

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the...

CVE-2025-5184 Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the...

CVE-2025-5184

CVE-2025-5184 affects Summer Pearl Group Vacation Rental Management Platform up to version 1.0.1. The vulnerability lies in the HTTP Response Header Handler component, where manipulation leads to information disclosure. The issue is exploitable remotely without user interaction. Upgrading to vers...

CVE-2025-5184 Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the...

CVE-2024-27713

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component...

CVE-2024-26267

In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property http.header.version.verbosity is set to full, which allows remote...

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVE-2021-21743

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request...

CVE-2021-21445

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attack...

CVE-2019-19002

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting...

CVE-2019-19090

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...

CVE-2005-2861

Cross-site scripting XSS vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...