Description
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 1.6.1 (inclusive)
One of
cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
cpe:2.3:a:dena:h2o:1.7.0:beta2:*:*:*:*:*:*
EPSS
Percentile: 59%
0.00386
Low
3.7 Low
CVSS3
4.3 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
CVSS3: 3.7
debian
about 10 years ago
CRLF injection vulnerability in the on_req function in lib/handler/red ...
CVSS3: 3.7
github
more than 3 years ago
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.