CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
References
Configurations
Configuration 1 (hide)
|
History
19 Apr 2021, 14:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:h2o_project:h2o:*:*:*:*:*:*:*:* |
cpe:2.3:a:dena:h2o:1.7.0:beta2:*:*:*:*:*:* cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:* |
Information
Published : 2016-01-16 05:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-1133
Mitre link : CVE-2016-1133
CVE.ORG link : CVE-2016-1133
JSON object : View
Products Affected
dena
- h2o
CWE