HTTP Response Splitting

Les attaques HTTP Response Splitting utilisent une forme de vulnérabilité applicative, résultat de l'échec d'une application ou d'un environnement de correctement contrôler des valeurs d'entrée. Ce mode d'attaque peut-être utilisé pour effectuer des attaques cross-site scripting (XSS), des défacements inter-utilisateur, de l'empoisonnement de cache ou des exploits similaires.

Vulnérabilités récentes par scissions de sessions HTTP

06 Aoû 2016

CVE-2016-5331 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (CVSS:4.3) (Last Update:2016-08-11)

02 Juil 2016

CVE-2016-0359 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. (CVSS:4.3) (Last Update:2016-07-06)

01 Juil 2016

CVE-2016-0400 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. (CVSS:4.3) (Last Update:2016-07-06)

06 Mai 2016

CVE-2016-0902 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (CVSS:5.0) (Last Update:2016-05-09)

24 Avr 2016

CVE-2015-8852 Vulnerability

Publié par . Publié dans Http response splitting

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. (CVSS:5.0) (Last Update:2016-05-06)

20 Avr 2016

CVE-2016-2303 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. (CVSS:5.0) (Last Update:2016-04-27)

11 Avr 2016

CVE-2016-3166 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers. (CVSS:4.3) (Last Update:2016-04-12)

06 Avr 2016

CVE-2016-0789 Vulnerability

Publié par . Publié dans Http response splitting

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. (CVSS:4.3) (Last Update:2016-07-14)

HTTP Response Splitting

Vulnérabilités récentes par scissions de sessions HTTP

CVE-2016-5331 Vulnerability

CVE-2016-0359 Vulnerability

CVE-2016-0400 Vulnerability

CVE-2016-0902 Vulnerability

CVE-2015-8852 Vulnerability

CVE-2016-2303 Vulnerability

CVE-2016-3166 Vulnerability

CVE-2016-0789 Vulnerability

Pour nous Contacter

Newsletter Cybersécurité

Ressources Sécurité

Notre expertise cybersécurité validée par de multiples certifications internationales