CVE-2016-1133

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.

Published : 2016-01-16 05:59 Updated : 2016-01-21 16:07

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
H2o Project H2o 1.6.1 cpe:/a:h2o_project:h2o:1.6.1
H2o Project H2o 1.7.0 cpe:/a:h2o_project:h2o:1.7.0:beta2
  1. H2o Project (1) Search CVE
    1. H2o (2) Search CVE
      1. 1.6.1
      2. 1.7.0

CWE

There is no CWE for this CVE.

History of changes

Date Event
2016-01-16 05:59

New CVE