CWE-113 flaws

82 results
CVE-2022-37436 | MEDIUM | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting | EPSS 57.9%
CVE-2024-52875 | HIGH | An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /non | EPSS 27.3%
CVE-2024-24795 | MEDIUM | Apache HTTP Server: HTTP Response Splitting in multiple modules | EPSS 2.9%
CVE-2020-5247 | MEDIUM | HTTP Response Splitting in Puma | EPSS 2.5%
CVE-2018-1067 | MEDIUM | In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulner | EPSS 1.8%
CVE-2018-13814 | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" | EPSS 1.7%
CVE-2017-12309 | A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response split | EPSS 1.7%
CVE-2020-10753 | MEDIUM | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers vi | EPSS 1.6%
CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences | EPSS 1.6%
CVE-2020-5249 | MEDIUM | HTTP Response Splitting (Early Hints) in Puma | EPSS 1.6%
CVE-2020-5216 | MEDIUM | Limited header injection when using dynamic overrides with user input in RubyGems secure_headers | EPSS 1.1%
CVE-2019-15259 | MEDIUM | Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability | EPSS 1.1%
CVE-2019-16771 | MEDIUM | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria | EPSS 1.0%
CVE-2026-40175 | MEDIUM | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | EPSS 0.9%
CVE-2020-3117 | MEDIUM | Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability | EPSS 0.9%
CVE-2022-41915 | MEDIUM | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, whe | EPSS 0.9%
CVE-2019-25101 | MEDIUM | OnShift TurboGears HTTP Header controllers.py response splitting | EPSS 0.9%
CVE-2021-0268 | HIGH | Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks. | EPSS 0.9%
CVE-2017-12308 | A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to co | EPSS 0.8%
CVE-2023-0508 | LOW | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in GitLab | EPSS 0.8%