CVE-2016-5325
CVSS v3.0
6.1 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.44 % (75th)
Affected Products
2
Advisories
3
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
Weaknesses
- CWE-113
- Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2016-10-10 16:59:00
(8 years ago) - Updated Date
-
2018-01-05 02:31:00
(6 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...