
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'): vulnerability list (55)

A summary of the 55 CVE vulnerabilities associated with the CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness class, with AI-generated analysis in Chinese.

CWE-113 is an injection-class weakness: the program fails to filter carriage-return and line-feed characters correctly before placing data in an HTTP header. An attacker exploits the flaw to inject CRLF sequences, forging response headers or splitting HTTP requests, and from there carries out cache poisoning, session hijacking or cross-site scripting. Developers should strictly validate and escape user input so that only legitimate characters reach HTTP headers, and should use an allowlist to filter special characters, cutting off the injection at its source.

MITRE CWE official description

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'). The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

HTTP agents or components may include a web server, load balancer, reverse proxy, web caching proxy, application firewall, web browser, etc. Regardless of the role, they are expected to maintain coherent, consistent HTTP communication state across all components. However, including unexpected data in an HTTP header allows an attacker to specify the entirety of the HTTP message that is rendered by the client HTTP agent (e.g., web browser) or the back-end HTTP agent (e.g., web server), whether the message is part of a request or a response.

When an HTTP request contains unexpected CR and LF characters, the server may respond with an output stream that is interpreted as "splitting" the stream into two different HTTP messages instead of one. CR is carriage return, also written as %0d or \r, and LF is line feed, also written as %0a or \n. In addition to CR and LF, other valid, RFC-compliant special characters and unique character encodings can be used, such as HT (horizontal tab, also written as %09 or \t) and SP (space, also written as + or %20). Unvalidated and unexpected data of this kind in HTTP message headers allows an attacker to control the second "split" message and mount attacks such as server-side request forgery, cross-site scripting and cache poisoning.

HTTP response splitting weaknesses may be present when:
1. Data enters a web application through an untrusted source, most frequently an HTTP request.
2. The data is included in an HTTP response header sent to a web user without neutralizing malicious characters that can be interpreted as separator characters for headers.
Common consequences (1)

Scope: Integrity, Access Control. Impact: Modify Application Data; Gain Privileges or Assume Identity.
CR and LF characters in an HTTP header may give attackers control of the remaining headers and body of the message that the application intends to send/receive, as well as allowing them to create additional messages entirely under their control.
Mitigations (4)

Phase: Implementation. Construct HTTP headers very carefully, avoiding the use of non-validated input data.

Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. If an input does not strictly conform to specifications, reject it or transform it into something that conforms. When performing input validation, consider all potentially relevant properties, including length, type of input, the full r…

Phase: Implementation. Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are i…

Phase: Implementation. Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Code examples (2)

Bad · Java

The following code segment reads the name of the author of a weblog entry, author, from an HTTP request and sets it in a cookie header of an HTTP response.

    String author = request.getParameter(AUTHOR_PARAM); // untrusted, already URL-decoded by the container
    ...
    Cookie cookie = new Cookie("author", author);        // CR/LF inside author are not neutralized
    cookie.setMaxAge(cookieExpiration);
    response.addCookie(cookie);                          // emitted as a Set-Cookie header

Result

    HTTP/1.1 200 OK
    ...
    Set-Cookie: author=Jane Smith
    ...

An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the server.
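The following Python is an added example, not code from the page or from MITRE, that applies the four mitigations above to the weblog-author scenario: `build_response_unsafe` mirrors the Java snippet (untrusted value written straight into `Set-Cookie`), while `build_response_safe` canonicalizes the input exactly once, then rejects anything outside an "accept known good" character allowlist. The function names, the minimal `parse_headers` parser standing in for a downstream HTTP agent, and the sample inputs are all constructed for this example.

```python
import re
from urllib.parse import unquote

# Allowlist for a Set-Cookie value: the RFC 6265 cookie-octet characters, plus SP so
# that the page's "author=Jane Smith" example still passes. CR, LF, NUL and every
# other control character fall outside the class, so they can never reach the header.
COOKIE_VALUE_RE = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E ]*")


class HeaderInjectionError(ValueError):
    """Raised when untrusted data would change the structure of an HTTP header."""


def canonicalize(raw: str) -> str:
    """Decode percent-encoding exactly once before validating (CWE-180).

    Nothing downstream may decode again (CWE-174): a second decode would turn a
    double-encoded '%250d%250a', which passes the allowlist as '%0d%0a', into CRLF.
    """
    return unquote(raw)


def header_value_is_allowed(value: str) -> bool:
    """True if every character of value is in the allowlist."""
    return COOKIE_VALUE_RE.fullmatch(value) is not None


def validate_cookie_value(value: str) -> str:
    """Accept-known-good validation: reject the input rather than try to strip it."""
    if not header_value_is_allowed(value):
        raise HeaderInjectionError(f"disallowed character in header value: {value!r}")
    return value


def build_response_unsafe(author: str) -> bytes:
    """Mirrors the page's Java snippet: the untrusted value goes straight into Set-Cookie."""
    return (
        "HTTP/1.1 200 OK\r\n"
        f"Set-Cookie: author={author}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_response_safe(raw_author: str) -> bytes:
    """Hardened form: canonicalize once, allowlist-validate, then emit."""
    author = validate_cookie_value(canonicalize(raw_author))
    return build_response_unsafe(author)  # safe here: author contains no separator characters


def parse_headers(response: bytes) -> dict[str, str]:
    """Parse the header block the way a downstream HTTP agent would (constructed, minimal parser)."""
    head, _, _body = response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def is_rejected(raw_value: str) -> bool:
    """Does the hardened builder refuse this input?"""
    try:
        build_response_safe(raw_value)
    except HeaderInjectionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    benign = "Jane Smith"
    hostile = "Jane Smith\r\nX-Injected: 1"          # CRLF as getParameter() would deliver it
    encoded = "Jane%20Smith%0d%0aX-Injected:%201"   # the same value still percent-encoded

    print(parse_headers(build_response_unsafe(hostile)))  # an extra X-Injected header appears
    print(parse_headers(build_response_safe(benign)))     # only the intended headers
    for bad in (hostile, encoded):
        print(repr(bad), "rejected:", is_rejected(bad))
```

Two points of the design are worth noting. The check runs after `canonicalize` and never again after it: `header_value_is_allowed("Jane%0d%0aX")` is true because `%` is a legal cookie character, so validating before decoding would pass the encoded CRLF through. And the hardened builder rejects instead of stripping, in line with the "reject it or transform it into something that conforms" mitigation; silently deleting CR and LF is a transformation that is easy to get wrong for the other separator characters (HT, SP) the CWE text lists.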
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-42035 | Axios injection vulnerability | axios | 7.4 | High | 2026-04-24 |
| CVE-2026-39971 | Serendipity security vulnerability | Serendipity | 7.2 | High | 2026-04-14 |
| CVE-2026-40175 | Axios code issue vulnerability | axios | 4.8 | Medium | 2026-04-10 |
| CVE-2026-34715 | ewe injection vulnerability | ewe | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34520 | aiohttp injection vulnerability | aiohttp | 9.1 | - | 2026-04-01 |
| CVE-2026-34519 | aiohttp injection vulnerability | aiohttp | 6.5 | - | 2026-04-01 |
| CVE-2026-34514 | aiohttp injection vulnerability | aiohttp | 6.5 | - | 2026-04-01 |
| CVE-2025-55271 | HCL Aftermarket DPC security vulnerability | Aftermarket DPC | 3.1 | Low | 2026-03-26 |
| CVE-2026-27810 | Calibre injection vulnerability | calibre | 6.4 | Medium | 2026-02-27 |
| CVE-2026-24320 | SAP NetWeaver and SAP ABAP Platform injection vulnerability | SAP NetWeaver and ABAP Platform (Application Server ABAP) | 3.1 | Low | 2026-02-10 |
| CVE-2026-23686 | SAP NetWeaver Application Server Java injection vulnerability | SAP NetWeaver Application Server Java | 3.4 | Low | 2026-02-10 |
| CVE-2026-22779 | BlackSheep injection vulnerability | BlackSheep | 4.3 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-61689 | Julia HTTP.jl injection vulnerability | HTTP.jl | 6.3 (AI) | Medium (AI) | 2025-10-10 |
| CVE-2025-40927 | MetaCPAN CGI::Simple security vulnerability | CGI::Simple | 6.1 | - | 2025-08-29 |
| CVE-2025-42934 | SAP S/4HANA injection vulnerability | SAP S/4HANA (Supplier invoice) | 4.3 | Medium | 2025-08-12 |
| CVE-2025-53007 | arduino-esp32 injection vulnerability | arduino-esp32 | 7.5 (AI) | High (AI) | 2025-06-26 |
| CVE-2025-41234 | VMware Spring Framework security vulnerability | Spring Framework | 6.5 | Medium | 2025-06-12 |
| CVE-2025-30221 | Shopify Pitchfork injection vulnerability | pitchfork | 5.4 (AI) | Medium (AI) | 2025-03-27 |
| CVE-2025-0825 | cpp-httplib security vulnerability | | 6.1 | - | 2025-02-04 |
| CVE-2024-52875 | GFI Kerio Control security vulnerability | Kerio Control | 8.8 | High | 2025-01-31 |
| CVE-2024-45687 | Payara Server and Payara Micro injection vulnerability | Payara Server | 6.5 | - | 2025-01-21 |
| CVE-2024-54021 | Fortinet FortiOS and Fortinet FortiProxy injection vulnerability | FortiOS | 6.4 | Medium | 2025-01-14 |
| CVE-2024-42487 | Cilium security vulnerability | cilium | 4.0 | Medium | 2024-08-15 |
| CVE-2024-20392 | Cisco AsyncOS security vulnerability | Cisco Secure Email | 6.1 | Medium | 2024-05-15 |
| CVE-2024-24795 | Apache HTTP Server security vulnerability | Apache HTTP Server | 9.1 | - | 2024-04-04 |
| CVE-2024-23644 | Trillium injection vulnerability | trillium | 6.8 | Medium | 2024-01-24 |
| CVE-2023-48256 | Bosch Nexo cordless nutrunner security vulnerability | Nexo cordless nutrunner NXA015S-36V (0608842001) | 5.3 | Medium | 2024-01-10 |
| CVE-2023-26147 | libhv cross-site scripting vulnerability | ithewei/libhv | 5.3 | Medium | 2023-09-29 |
| CVE-2023-41834 | Apache Flink injection vulnerability | Apache Flink Stateful Functions | 5.4 | - | 2023-09-19 |
| CVE-2023-26142 | Crow injection vulnerability | Crow | 6.5 | Medium | 2023-09-12 |

Values marked (AI) carry the platform's AI label; "-" means no risk level is listed.

CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')) is a common weakness class; this platform has catalogued 55 CVE vulnerabilities associated with it.