3240 matches found
DEBIAN-CVE-2026-43966
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
CVE-2026-43966
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
CVE-2026-43966
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
EUVD-2026-35131
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
EEF-CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow\http\struct\hd:escape\string/2 in cowlib only escapes \ and ", passing...
CVE-2026-43966
CVE-2026-43966 describes a HTTP Response Splitting flaw in the Erlang/cowlib component, where cow_http_struct_hd:escape_string/2 only escapes backslash and quote, allowing CRLF injection into structured HTTP header values. The mismatch between the encoder (allows any byte) and the parser (accepts...
CVE-2026-43966
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
Cowlib 注入漏洞
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of Cowlib contains an injection vulnerability, which stems from improper handling of CRLF sequences. This vulnerability may lead to HTTP response splitting, allowing attackers to inject CRLFs...
EUVD-2024-54938
Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12...
USN-8338-2: Apache HTTP Server regression
USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...
SUSE SLES15 Security Update : apache2 (SUSE-SU-2026:2103-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2103-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957....
HTTP Response Splitting
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...
USN-8338-1: Apache HTTP Server vulnerabilities
It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...
USN-8338-1 apache2 vulnerabilities
It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...
Security update for apache2
This update for apache2 fixes the following issues CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163...
SUSE-SU-2026:2103-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...
CVE-2026-47069
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...
CVE-2026-47069
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...
CVE-2026-47069 CRLF injection in cookie domain/path options in hackney
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...