CVE-2016-1133

Low

Description

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.

References

https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133

https://github.com/h2o/h2o/issues/684

https://github.com/h2o/h2o/issues/682

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003

http://jvn.jp/en/jp/JVN45928828/index.html

Details

Source: Mitre, NVD

Published: 2016-01-16

Updated: 2021-04-19

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low