
CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) — Vulnerability Class 45

45 vulnerabilities classified as CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax). AI-generated Chinese analysis included.

CWE-644 is an output-neutralization weakness: the application copies user-supplied data into an HTTP response header without neutralizing it. The CWE's original concern is scripting syntax inside header values, which browser components that read raw headers (MITRE names Flash) could execute in the user's browser context. Modern browsers do not interpret header values as HTML or script, so the practical impact today is usually one of the related injection outcomes: CR/LF sequences that terminate the header and split the response, poisoned caches, and Host header values reflected into absolute URLs such as password-reset links. Most of the CVEs listed below are of that kind. The damage is to the confidentiality and integrity of the affected user's session and data, not arbitrary code execution on the server. The mitigation is the same in every case: validate or encode every value before it enters a header, reject CR, LF and other control characters outright rather than trying to strip them, and never trust the request's Host header when building URLs, taking the different encodings an attacker can use into account.

MITRE CWE Description
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash. An attacker may be able to conduct cross-site scripting and other attacks against users who have these components enabled. If a product does not neutralize user controlled data being placed in the header of an HTTP response coming from the server, the header may contain a script that will get executed in the client's browser context, potentially resulting in a cross site scripting vulnerability or possibly an HTTP response splitting attack. It is important to carefully control data that is being placed both in HTTP response header and in the HTTP response body to ensure that no scripting syntax is present, taking various encodings into account.
Common Consequences (2)
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands (run arbitrary code in the client's browser context).
Confidentiality: Read Application Data (attackers may be able to obtain sensitive information).
Mitigations (2)
Architecture and Design: Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.
Architecture and Design: Disable script execution functionality in the clients' browser.
Examples (1)
In the following Java example, user-controlled data is added to the HTTP headers and returned to the client. Because the data is not neutralized, a malicious user may be able to inject scripting syntax, or CR/LF sequences that start a new header or a new response, leading to script execution in the client browser or response splitting.
Bad (Java):
// untrustedRawInputData is raw request data; nothing rejects CR, LF or script syntax before it is written
response.addHeader(HEADER_NAME, untrustedRawInputData);
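The following Python program is an added example, not code from this page, from MITRE, or from any project in the CVE list below. It shows the Java pattern above in a form that can be run: a raw HTTP response serializer that, without neutralization, lets a CR/LF-carrying value split the response into two, and the hardened form that rejects illegal header characters. It also shows the Host header allow-list check that the host header injection entries below call for, applied to a password-reset link. All function names, the regular expressions, the allowed host and the attacker input are constructed for this demonstration.

```python
"""Neutralizing user-controlled data before it reaches HTTP response headers.

Added example (not the page's or any listed project's code). Demonstrates:
  1. HTTP response splitting when a CR/LF-carrying value is written into a
     header without neutralization (the outcome CWE-644 names), and
  2. two checks: strict validation of a header value, and allow-listing the
     Host header before it is used to build an absolute URL.
All inputs are constructed for the demonstration.
"""
import re
from urllib.parse import quote

# Legal field-value characters: visible ASCII plus SP and HTAB (RFC 7230).
# CR, LF, NUL, other controls and non-ASCII are rejected, not stripped.
_FIELD_VALUE = re.compile(r"[\t\x20-\x7e]*")

# Host header shape: DNS labels or IPv4, optional port. IPv6 literals are
# out of scope for this example.
_HOST = re.compile(
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*(?::\d{1,5})?"
)


class HeaderInjection(ValueError):
    """Raised when a value would terminate or inject a header line."""


def validate_header_value(value: str) -> str:
    """Return value unchanged if it is a legal single header value, else raise.

    Rejecting beats stripping: a stripped value silently changes meaning,
    and an attacker probing with CRLF gets an error instead of a partial win.
    """
    if not _FIELD_VALUE.fullmatch(value):
        raise HeaderInjection(f"illegal character in header value: {value!r}")
    return value


def build_raw_response(headers: dict[str, str], body: bytes, *, neutralize: bool) -> bytes:
    """Serialize a minimal HTTP/1.1 response.

    neutralize=False is the vulnerable pattern, equivalent to the page's
    response.addHeader(HEADER_NAME, untrustedRawInputData).
    """
    lines = ["HTTP/1.1 200 OK"]
    for name, value in headers.items():
        if neutralize:
            value = validate_header_value(value)
        lines.append(f"{name}: {value}")
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def count_responses(raw: bytes) -> int:
    """Count the responses a client would parse from one byte stream.

    Every "HTTP/1.1 " status line starts a response; a split response shows
    2 although the server meant to send 1.
    """
    return raw.count(b"HTTP/1.1 ")


def validate_host(host_header: str, allowed: frozenset[str]) -> str:
    """Allow-list the request's Host header before trusting it for URLs."""
    host = host_header.strip().lower()
    if len(host) > 253 or not _HOST.fullmatch(host) or host not in allowed:
        raise HeaderInjection(f"unexpected Host header: {host_header!r}")
    return host


def password_reset_link(host_header: str, token: str, allowed: frozenset[str]) -> str:
    """Build a reset URL that can only point at a host the deployment owns."""
    host = validate_host(host_header, allowed)
    return f"https://{host}/reset?token={quote(token, safe='')}"


if __name__ == "__main__":
    # Constructed attacker input: a redirect target carrying CRLF sequences
    # followed by a second, attacker-authored response with a script tag.
    evil = ("/home\r\nContent-Length: 0\r\n\r\n"
            "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
            "<script>alert(1)</script>")
    unsafe = build_raw_response({"Location": evil}, b"", neutralize=False)
    print("responses seen by the client without neutralization:", count_responses(unsafe))
    try:
        build_raw_response({"Location": evil}, b"", neutralize=True)
    except HeaderInjection as exc:
        print("rejected:", exc)
    allowed = frozenset({"app.example.com"})
    print(password_reset_link("App.Example.com", "abc/def", allowed))
    try:
        password_reset_link("attacker.example.net", "abc", allowed)
    except HeaderInjection as exc:
        print("rejected:", exc)
```

In a real framework the serializer is the framework's own; what carries over is the policy: reject rather than strip, and derive the host for generated URLs from configuration or an allow-list, not from the incoming request.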
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-33805 | @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers | @fastify/reply-from | 7.5 | - | 2026-04-15
CVE-2025-66485 | Multiple vulnerabilities have been addressed in IBM Aspera Shares | Aspera Shares | 5.4 | Medium | 2026-04-01
CVE-2026-33149 | Tandoor Recipes Vulnerable to Host Header Injection | recipes | 8.1 | High | 2026-03-26
CVE-2025-14807 | IBM InfoSphere Information Server is vulnerable to HTTP header injection | InfoSphere Information Server | 6.5 | Medium | 2026-03-25
CVE-2025-13213 | Multiple vulnerabilities in IBM Aspera Orchestrator | Aspera Orchestrator | 5.4 | Medium | 2026-03-10
CVE-2025-36227 | Multiple vulnerabilities in IBM Aspera Faspex | Aspera Faspex 5 | 5.4 | Medium | 2026-03-10
CVE-2026-1698 | HTTP Host header vulnerability in WebClient and WebScheduler web apps | PcVue | 6.5 (AI) | Medium (AI) | 2026-02-26
CVE-2025-27901 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows | DB2 Recovery Expert for LUW | 6.5 | Medium | 2026-02-17
CVE-2026-26234 | JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax | JUNG Smart Visu Server | 8.8 | High | 2026-02-12
CVE-2024-51451 | Multiple Vulnerabilities in IBM Concert Software | Concert | 6.5 | Medium | 2026-02-04
CVE-2025-52660 | HCL AION is affected by a Host Header Injection vulnerability | AION | 2.7 | Low | 2026-01-19
CVE-2025-64425 | Coolify has host header injection in forgot password | coolify | 8.0 | - | 2026-01-05
CVE-2025-13803 | MediaCrush Header paths.py http headers for scripting syntax | MediaCrush | 7.3 | High | 2025-12-01
CVE-2025-13434 | jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax | Hush Framework | 5.3 | Medium | 2025-11-20
CVE-2025-36223 | IBM OpenPages Host Header Injection | OpenPages | 5.4 | Medium | 2025-11-12
CVE-2025-64484 | OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation | oauth2-proxy | 8.5 | High | 2025-11-10
CVE-2025-52647 | HCL BigFix WebUI is affected by a host header poisoning vulnerability | BigFix WebUI | 6.1 | Medium | 2025-10-10
CVE-2024-40686 | IBM SmartCloud Analytics - Log Analysis HOST header injection | SmartCloud Analytics Log Analysis | 5.4 | Medium | 2025-07-23
CVE-2025-40631 | HTTP host header injection vulnerability in IceWarp Mail Server | Icewarp Mail Server | 6.1 (AI) | Medium (AI) | 2025-05-16
CVE-2025-24339 | Bosch Rexroth ctrlX OS security vulnerability | ctrlX OS - Device Admin | 5.0 | Medium | 2025-04-30
CVE-2025-2950 | IBM i improper HTTP header neutralization | i | 5.4 | Medium | 2025-04-18
CVE-2022-43847 | IBM Aspera Console HTTP header injection | Aspera Console | 5.4 | Medium | 2025-04-14
CVE-2025-0154 | IBM TXSeries for Multiplatforms information disclosure | TXSeries for Multiplatforms | 5.3 | Medium | 2025-04-02
CVE-2025-27632 | Hitachi Energy TRMTracker injection vulnerability | TRMTracker | 6.1 | Medium | 2025-03-25
CVE-2023-35894 | IBM Control Center HOST header injection | Control Center | 5.4 | Medium | 2025-03-07
CVE-2025-23191 | Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP | SAP Fiori for SAP ERP | 3.1 | Low | 2025-02-11
CVE-2024-30129 | HCL Nomad server on Domino is affected by a host header injection vulnerability | Nomad server on Domino | 5.3 | Medium | 2024-12-06
CVE-2024-10006 | Consul L7 Intentions Vulnerable To Headers Bypass | Consul | 8.3 | High | 2024-10-30
CVE-2024-47549 | Sharp MFP security vulnerability | Sharp Digital Full-color MFPs and Monochrome MFPs | 7.4 | High | 2024-10-25
CVE-2023-26289 | IBM Aspera Orchestrator HTTP header injection | Aspera Orchestrator | 5.4 | Medium | 2024-07-30
"(AI)" marks a CVSS score or severity estimated by the site's AI analysis rather than taken from the published advisory; "-" means no severity rating is given.

Vulnerabilities classified as CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) number 45 CVEs; the 30 most recent are listed above. The CWE taxonomy describes the weakness only; review the individual CVEs for product-specific impact, since the entries range from plain Host header injection to response splitting, cache poisoning and header smuggling through a proxy.