CWE-113 flaws
82 results

CVE-2024-54021 | MEDIUM | An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 t | EPSS 0.8%
CVE-2023-32708 | HIGH | HTTP Response Splitting via the ‘rest’ SPL Command | EPSS 0.7%
CVE-2024-40324 | CRITICAL | A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fiel | EPSS 0.6%
CVE-2024-23644 | MEDIUM | trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting | EPSS 0.6%
CVE-2017-7528 | MEDIUM | Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For head | EPSS 0.6%
CVE-2022-20772 | MEDIUM | A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attack | EPSS 0.5%
CVE-2022-3215 | HIGH | NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 | EPSS 0.5%
CVE-2024-42487 | MEDIUM | Cilium's Gateway API route matching order contradicts specification | EPSS 0.5%
CVE-2025-41234 | MEDIUM | RFD Attack via “Content-Disposition” Header Sourced from Request | EPSS 0.5%
CVE-2022-42472 | MEDIUM | A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7. | EPSS 0.5%
CVE-2022-42471 | MEDIUM | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 t | EPSS 0.5%
CVE-2026-34520 | LOW | AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass | EPSS 0.5%
CVE-2023-26142 | MEDIUM | All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header | EPSS 0.4%
CVE-2025-40927 | HIGH | CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw | EPSS 0.4%
CVE-2021-40336 | MEDIUM | HTTP Response Splitting in Hitachi Energy’s MSM Product | EPSS 0.4%
CVE-2026-42578 | LOW | Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation | EPSS 0.4%
CVE-2026-50630 | MEDIUM | Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection | EPSS 0.4%
CVE-2023-34472 | MEDIUM | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A succ | EPSS 0.4%
CVE-2025-53007 | HIGH | arduino-esp32 vulnerable to CRLF injection in WebServer.cpp | EPSS 0.4%
CVE-2026-43870 | HIGH | Apache Thrift: Node.js web_server.js multi-vulnerability | EPSS 0.4%