CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2016-01-16T02:00:00
Updated: 2016-01-16T04:57:01
Reserved: 2015-12-26T00:00:00
Link: CVE-2016-1133
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-01-16T05:59:03.253
Modified: 2021-04-19T14:01:54.663
Link: CVE-2016-1133
JSON object: View
Redhat Information
No data.
CWE