26 matches found
EUVD-2017-10278
Malware in sbrugna...
CVE-2023-23950
User-supplied input, usually a CRLF sequence, can be used to split a returning response into two responses...
Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36395)
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.58 and earlier versions, which can be exploited t...
TurboGears Injection Vulnerability
TurboGears is an open source web development framework from OnShift. TurboGears version 1.0.11.10 suffers from an injection vulnerability that stems from a problem in an unspecified part of the file turbogears/controllers.py in the HTTP Header Handler component, which can lead to a split http...
Cybozu Office Injection Vulnerability
Cybozu Office is a web-based, cross-platform collaborative office solution from Cybozu. Cybozu Office suffers from an injection vulnerability that stems from the software's inability to correctly handle CRLF character sequences. A remote attacker could use this vulnerability to send a specially...
IBM WebSphere Application Server 7.0.0.x < 7.0.0.45 / 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.5 HTTP Response Splitting (CVE-2017-1503)
The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.43, 8.0.0.x prior to 8.0.0.14, 8.5.0.x prior to 8.5.5.13 or 9.0.x prior to 9.0.0.5. It is, therefore, affected by an HTTP response splitting vulnerability. An unauthenticated, remote attacker can...
CVE-2019-4552
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the...
Cross site scripting
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...
CVE-2019-4396
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...
Cross site scripting
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split respons...
CVE-2018-1474
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split respons...
Security Bulletin: An HTTP Response splitting vulnerability in TXSeries for Multiplatforms (CVE-2015-2017)
Summary Security Bulletin: An HTTP Response splitting vulnerability in TXSeries for Multiplatforms CVE-2015-2017 Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION: The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability usi...
CVE-2018-1549
CVE-2018-1549 affects IBM Rational Quality Manager: vulnerable in RQM 5.0–5.0.2 and 6.0–6.0.5 due to HTTP response splitting. A remote attacker could craft a URL to trigger a split response, enabling web cache poisoning, cross-site scripting, and potential sensitive data exposure. Remediation per...
Security Bulletin: HTTP Response Splitting in Liberty affects IBM MessageSight (CVE-2016-0359)
Summary There is a potential HTTP response splitting vulnerability in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM...
Security Bulletin: HTTP Response Splitting vulnerability affects IBM Security Guardium (CVE-2017-1262)
Summary A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks. IBM Security Guardium has provided a fix for this vulnerability. Vulnerability...
Security Bulletin: Vulnerability in HTTP Response Splitting affects IBM Algo One - Algo Risk Application and IBM Algo One - Core (CVE-2015-2017)
Summary The IBM WebSphere Portal is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such...
Security Bulletin: IBM Cognos Controller is affected by HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)
Summary There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel. Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could...
Cross site scripting
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as We...
CVE-2017-1262
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as We...