22 matches found

Snyk
added 2026/04/14 11:27 p.m. | 2 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 view

MiracleLinux 8 : httpd:2.4 (AXSA:2024-8505:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8505:01 advisory. httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 Tenable has extracted the preceding description block directly from the MiracleLinux security...

7.3 CVSS | 5.6 AI score | 0.04358 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0381

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00451 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-3299

Malicious code in bioql PyPI...

5 CVSS | 7.4 AI score | 0.03975 EPSS
Exploits: 0 | References: 14

OSV
added 2025/09/05 12:43 p.m. | 5 views

OESA-2025-2171 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP respons...

9.1 CVSS | 6.6 AI score | 0.00916 EPSS
Exploits: 1 | References: 6

CNNVD
added 2025/09/01 12:0 a.m. | 1 view

Akınsoft QR Menü security vulnerability

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü's versions prior to 1.05.05 to v1.05.12 contain a security vulnerability that originates from improper certificate validation, which can be exploited by an attacker to cause HTTP response splitting...

7.3 CVSS | 6.9 AI score | 0.00048 EPSS
Exploits: 0 | References: 3

NVD
added 2025/06/26 3:15 p.m. | 6 views

CVE-2025-53007

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

9.3 CVSS | 0.00413 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 12:40 p.m. | 4 views

CVE-2010-3011

CRLF injection vulnerability in HP System Management Homepage SMH before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

5 CVSS | 7.3 AI score | 0.00531 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/04/15 12:0 a.m. | 5 views

RHEL 6 : rabbitmq-server (RHSA-2016:0368)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2016:0368 advisory. RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and...

5 CVSS | 5.7 AI score | 0.00322 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2024/11/12 12:0 a.m. | 28 views

RHEL 9 : httpd (RHSA-2024:9306)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9306 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response...

7.3 CVSS | 7.2 AI score | 0.04358 EPSS
Exploits: 0 | References: 12

OpenVAS
added 2023/10/25 12:0 a.m. | 31 views

SUSE: Security Advisory (SUSE-SU-2023:4176-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.3 AI score | 0.011 EPSS
Exploits: 2 | References: 7

Tenable Nessus
added 2023/06/13 12:0 a.m. | 25 views

EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2023-2248)

According to the versions of the ruby package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to...

8.8 CVSS | 7.2 AI score | 0.011 EPSS
Exploits: 1 | References: 2

FreeBSD
added 2022/11/22 12:0 a.m. | 26 views

rubygem-cgi -- HTTP response splitting vulnerability

Hiroshi Tokumaru reports: If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application create...

8.8 CVSS | 0.6 AI score | 0.011 EPSS
Exploits: 1 | References: 1

Cvelist
added 2021/12/30 12:33 p.m. | 15 views

CVE-2021-45818

SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting...

6.5 AI score | 0.0024 EPSS
Exploits: 1 | References: 1

Veracode
added 2021/09/22 7:30 a.m. | 5 views

Response Splitting

http4s-client is vulnerable to response splitting. Creating the fields such as Header names Header.name, Header values Header.value, Status reason phrases Status.reason, URI paths Uri.Path, URI authority registered names URI.RegName allows an attacker to inject a malicious character such as...

8.7 CVSS | 6.5 AI score | 0.00451 EPSS
Exploits: 1 | References: 4 | Affected Software: 4

CNVD
added 2019/10/28 12:0 a.m. | 1 view

IBM Cloud Orchestrator HTTP Response Splitting Vulnerability

IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. An...

5.4 CVSS | 6.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2018/01/11 12:0 a.m. | 26 views

Debian: Security Advisory (DLA-873-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 6.4 AI score | 0.0024 EPSS
Exploits: 0 | References: 2

OSV
added 2017/04/05 8:59 p.m. | 7 views

CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...

6.1 CVSS | 6.3 AI score
Exploits: 0 | References: 2

CNVD
added 2015/03/05 12:0 a.m. | 1 view

Loxone Smart Home HTTP Answer Splitting Vulnerability

Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from an HTTP Answer Splitting vulnerability that allows attackers to conduct HTTP Answer Splitting attacks that can lead to caching...

6.9 AI score
Exploits: 0 | References: 1

Cvelist
added 2010/09/17 5:46 p.m. | 21 views

CVE-2010-3011

CRLF injection vulnerability in HP System Management Homepage SMH before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

6.8 AI score | 0.00531 EPSS
Exploits: 0 | References: 3