1 vulnerability classified as CWE-443.
CWE-443, now deprecated and superseded by CWE-113, represents a critical input validation weakness involving HTTP response splitting. This vulnerability occurs when an application incorporates untrusted user input directly into HTTP response headers without proper sanitization. Attackers typically exploit this by injecting carriage return and line feed characters, effectively splitting a single HTTP response into two. This manipulation allows adversaries to alter the status line, inject malicious content, or perform cross-site scripting attacks against other users. To prevent this, developers must strictly validate and sanitize all user-supplied data before including it in headers. Implementing robust input filtering, using safe APIs that automatically encode special characters, and adhering to strict output encoding standards are essential practices. By ensuring that only expected, safe characters are processed, organizations can effectively mitigate the risk of response splitting and maintain the integrity of their web applications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33523 | Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line — Apache HTTP Server | 7.5 | - | 2026-05-04 |
Vulnerabilities classified as CWE-443 represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.