3237 matches found
CVE-2026-47069
CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...
PT-2026-43066
Name of the Vulnerable Software and Affected Versions hackney versions 0.9.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Response Splitting. The setcookie/3 function in src/hackney cookie.erl validates Name and Value arguments...
OESA-2026-2402 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...
OESA-2026-2401 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...
OESA-2026-2400 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...
OESA-2026-2398 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...
Astra Linux – Vulnerability in Apache2
Splitting of HTTP responses across multiple modules in the Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications to carry out an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...
Astra Linux – Vulnerability in Apache2
HTTP response splitting in the core of the Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in Apache...
Astra Linux – Vulnerability in JRuby
Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...
Astra Linux – Vulnerability in Netty
The Netty project is an event-driven, asynchronous network application framework. Starting from version 4.1.83.Final and before 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed. This allowed malicious header values in the...
Astra Linux – Vulnerability in JRuby
Versions of Ruby from 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4 allow HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit this to insert a newline character to split the header, thereby injecting malicious content to...
CLSA-2026-1779118869 Fix of 8 CVEs
SECURITY UPDATE: fix off-by-one out-of-bounds read in modproxyajp message getter functions - debian/patches/CVE-2026-33857-prereq.patch: prerequisite fix for ajpmsgcheckheader bounds check to keep msg-len within buffer - debian/patches/CVE-2026-33857.patch: fix off-by-one out-of-bounds read in...
Security update for rmt-server
This update for rmt-server fixes the following issues CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471...
CLSA-2026-1778254557 httpd: Fix of 8 CVEs
CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...
CLSA-2026-1778614426 httpd: Fix of 9 CVEs
CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...
CVE-2026-33523
A flaw was found in httpd. When processing responses from an untrusted or compromised backend server, multiple modules fail to sanitize Carriage Return and Line Feed CRLF sequences in the HTTP status line. This issue leads to an HTTP response splitting attack. Mitigation Mitigation for this issue...
HTTP Response Splitting
Overview eventsource-encoder is an Encodes events as well-formed EventSource/Server Sent Event SSE messages Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...
CVE-2026-41683
CVE-2026-41683 affects i18next-http-middleware prior to 3.9.3. The root cause is that user-controlled language values (lng) were passed, via unsafe escaping, into the Content-Language header, potentially allowing HTTP response splitting or DoS depending on Node.js version. Older i18next (< 19....
CVE-2026-41683 HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...