HTTP Response Splitting : suspicious HTTP/1.x in URL


Description   HTTP response splitting relies on a weakness in the HTTP protocol, which provides a mechanism for sequentially processing multiple requests sent one after another within a single session. An attacker could exploit this with an illegitimate request, specifically to inject data into the response returned by the server.
     
Default configuration
Profiles      High    Medium   Low      Internet
Action        Block   Pass     Pass     Block
Alarm Level   Minor   Minor    Ignore   Minor
     
References  
     
Available since   ASQ v3.2.0
     
Protects   Undertow Multiple Vulnerabilities
IBM WebSphere Application Server HTTP Response Splitting Vulnerability
IBM Maximo Asset Management Multiple Vulnerabilities
Bottle "redirect()" Unescaped CRLF Sequences Vulnerability Fixed by 0.12.11
Red Hat JBoss Enterprise Application Platform Multiple Vulnerabilities Fixed by 7.0.2
IBM WebSphere Application Server CRLF Injection Vulnerability
Varnish Header Injection and HTTP Response Splitting Vulnerability Fixed by 3.0.7
Ceph Object Gateway HTTP Response Splitting Vulnerability
H2O HTTP Response Splitting Vulnerability Fixed by v1.6.2
IBM WebSphere Commerce HTTP Response Splitting Vulnerability
Cisco TelePresence SX20 Carriage Return Line Feed Vulnerability
Zend Framework Two HTTP Response Splitting Vulnerabilities
IBM Cúram Social Program Management HTTP Response Splitting Vulnerability
PHP "header()" HTTP Response Splitting Vulnerability
Mandriva Security Update Fixes perl-CGI-Simple HTTP Response Splitting
CUPS Web Interface Cross Site Scripting and Response Splitting Issues
phpMyAdmin HTTP Response Splitting and File Inclusion Vulnerabilities
100 last CVE   CVE-2018-1067
CVE-2017-7559
CVE-2017-2670
CVE-2017-2666
CVE-2017-1503
CVE-2017-1292
CVE-2017-1291
CVE-2017-12165
CVE-2016-9964
CVE-2016-5406
CVE-2016-4993
CVE-2016-1133
CVE-2016-0359
CVE-2015-8852
CVE-2015-5245
CVE-2015-3154
CVE-2015-0770
CVE-2015-0196
CVE-2014-4803
CVE-2010-4411
CVE-2010-4410
CVE-2010-2761
CVE-2009-2820
CVE-2009-1149
CVE-2009-1148


 
 
 
 
Risk level   Moderate