Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-93:Improper Neutralization of CRLF Sequences ('CRLF Injection')
Weakness ID:93
Version:v4.17
Weakness Name:Improper Neutralization of CRLF Sequences ('CRLF Injection')
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
104Vulnerabilities found
CVE-2016-4993
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.48% / 80.77%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxjboss_enterprise_application_platformjboss_wildfly_application_servern/a
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2016-5331
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 49.34%
||
7 Day CHG-0.07%
Published-08 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-esxivcenter_servern/a
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2015-0770
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.27% / 50.62%
||
7 Day CHG~0.00%
Published-07 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_tc_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2007-0892
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 73.00%
||
7 Day CHG~0.00%
Published-12 Feb, 2007 | 23:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

Action-Not Available
Vendor-matthieu_aubryn/a
Product-phpmyvisitesn/a
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next