Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP …

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be tr…

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed…

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdi…

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in …

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security Virus…

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x b…

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy…

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x bef…

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-previ…

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x throug…

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x throug…

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js ca…

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting…

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary …

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before …

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x throug…

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers t…

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php c…

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x…

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweigh…

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can i…

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.…

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.…

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat J…

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowi…

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted…

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request …

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta …

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP H…

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerabi…

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker co…

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP res…

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, a…

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcompone…

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue aff…

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker co…

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x be…

HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was…