14 matches found
CVE-2019-16771
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...
CVE-2019-16771
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...
Cross site scripting
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...
GHSA-35FR-H7JR-HH86 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...
Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)
Summary The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to CRLF Injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details CVEID: CVE-2014-4803 A...
Cross site scripting
A vulnerability in the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
CVE-2017-12309
A vulnerability in the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
CVE-2017-12309
The CVE-2017-12309 issue affects Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA). The root cause is improper input sanitization that enablesHTTP response splitting by an unauthenticated remote attacker, allowing potential cross-site scripting, cross-user defac...
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability
A vulnerability in the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA software could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...
Shopify: HTTP-Response-Splitting on v.shopify.com
I discovered a HTTP-Response-Splitting issue on v.shopify.com Steps to reproduce: Call the following URL in any browser and catch the response e.g. with burp...
HTTP Protocol header injection vulnerability-vulnerability warning-the black bar safety net
HTTP response header file contains unverified data will lead to cache-poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect. HTTP Protocol header injection vulnerability principles The following cases will appear in the HTTP Protocol header...
Mobile Mp3 Search Engine HTTP Response Splitting
-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...
SnipSnap: HTTP response splitting
Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...