CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Weakness ID: 113
Version: v4.17
Weakness Name: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Vulnerability Mapping: Allowed
Abstraction: Variant
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
Submissions

Submission Date: 2006-07-19

Release Date: 2006-07-19

Submitter: PLOVER

Organization: N/A

Version: Draft 3

Comment:

N/A

Modifications

Modification Date: 2008-07-01

Release Date: N/A

Modifier: Eric Dalci

Organization: Cigital

Version: N/A

Importance: N/A

Comment:

updated References, Potential_Mitigations, Time_of_Introduction

Modification Date: 2008-09-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings

Modification Date: 2008-10-14

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description

Modification Date: 2008-11-24

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description, Other_Notes

Modification Date: 2009-03-10

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples

Modification Date: 2009-05-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Name

Modification Date: 2009-07-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples, Potential_Mitigations

Modification Date: 2009-10-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Common_Consequences, Description, Other_Notes, Theoretical_Notes

Modification Date: 2010-02-16

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Taxonomy_Mappings

Modification Date: 2010-06-21

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description, Name

Modification Date: 2011-03-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2011-06-01

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Common_Consequences, Description

Modification Date: 2012-05-11

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Common_Consequences, References, Relationships

Modification Date: 2012-10-30

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2014-06-23

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples

Modification Date: 2014-07-30

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships, Taxonomy_Mappings

Modification Date: 2015-12-07

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2017-05-03

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Related_Attack_Patterns

Modification Date: 2017-11-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Applicable_Platforms, Demonstrative_Examples

Modification Date: 2019-06-20

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2020-02-24

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Applicable_Platforms, Potential_Mitigations, Relationships, Type

Modification Date: 2020-06-25

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2021-10-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2022-06-28

Release Date: 2022-06-28

Modifier: CWE Content Team

Organization: MITRE

Version: 4.8

Importance: N/A

Comment:

Extended the abstraction of this entry to include both HTTP request and response splitting.

Modification Date: 2022-06-28

Release Date: 2022-06-28

Modifier: CWE Content Team

Organization: MITRE

Version: 4.8

Importance: N/A

Comment:

updated Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Theoretical_Notes

Modification Date: 2022-10-13

Release Date: 2022-10-13

Modifier: CWE Content Team

Organization: MITRE

Version: 4.9

Importance: N/A

Comment:

updated Demonstrative_Examples, Related_Attack_Patterns

Modification Date: 2023-01-31

Release Date: 2023-01-31

Modifier: CWE Content Team

Organization: MITRE

Version: 4.10

Importance: N/A

Comment:

updated Description

Modification Date: 2023-04-27

Release Date: 2023-04-23

Modifier: CWE Content Team

Organization: MITRE

Version: 4.11

Importance: N/A

Comment:

updated Detection_Factors, References, Relationships

Modification Date: 2023-06-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Mapping_Notes

Modification Date: 2024-11-19

Release Date: 2024-11-19

Modifier: CWE Content Team

Organization: MITRE

Version: 4.16

Importance: N/A

Comment:

updated Demonstrative_Examples

Contributions

Contributor Date: 2022-02-25

Release Date: 2022-10-13

Type: Content

Contributor: Jonathan Leitschuh

Organization: Dan Kaminsky Fellowship @ HUMAN Security

Version: 4.9

Comment:

Suggested a new entry for HTTP Request Splitting, leading to scope expansion for CWE-113

Previous Name Entries

Change Date: 2008-04-11

Version: Draft 9

Previous Entry Name: HTTP Response Splitting

Change Date: 2009-05-27

Version: 1.4

Previous Entry Name: Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')

Change Date: 2010-06-21

Version: 1.9

Previous Entry Name: Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Change Date: 2022-06-28

Version: 4.8

Previous Entry Name: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')