
CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) — Vulnerability Class 45

45 vulnerabilities classified as CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax). AI Chinese analysis included.

CWE-644 is an input-handling weakness in which an application places user-supplied data into HTTP response headers without properly neutralizing it. The flaw typically enables cross-site scripting (XSS): an attacker embeds scripting syntax in a header value, and a browser or a component that reads raw headers, such as Flash, processes and executes it. A successful attack runs arbitrary code in the victim's browser context, compromising the integrity and confidentiality of the user's session. To mitigate the risk, developers must apply rigorous output encoding and strict validation to all data entering HTTP headers. Neutralizing or escaping special characters keeps the client from interpreting injected content as executable script and closes off header-based injection.

MITRE CWE Description
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash. An attacker may be able to conduct cross-site scripting and other attacks against users who have these components enabled. If a product does not neutralize user controlled data being placed in the header of an HTTP response coming from the server, the header may contain a script that will get executed in the client's browser context, potentially resulting in a cross site scripting vulnerability or possibly an HTTP response splitting attack. It is important to carefully control data that is being placed both in HTTP response header and in the HTTP response body to ensure that no scripting syntax is present, taking various encodings into account.
Common Consequences (2)
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. Run arbitrary code.
Scope: Confidentiality. Impact: Read Application Data. Attackers may be able to obtain sensitive information.
Mitigations (2)
Phase: Architecture and Design. Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.
Phase: Architecture and Design. Disable script execution functionality in the clients' browser.
Examples (1)
In the following Java example, user-controlled data is added to the HTTP headers and returned to the client. Given that the data is not subject to neutralization, a malicious user may be able to inject dangerous scripting tags that will lead to script execution in the client browser.
Bad · Java:
response.addHeader(HEADER_NAME, untrustedRawInputData);
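A hardened counterpart to the one-line example above, added here as an illustration and not part of the MITRE entry or of any product listed on this page. The SafeHeader class and its method names are assumptions; it shows the two mitigation styles the entry describes: strict rejection of a value that carries CR/LF or other control characters, and a lenient mode that strips them and then escapes scripting syntax before the value reaches addHeader.

```java
/** Added example: neutralize untrusted data before it goes into a response
 *  header (hypothetical helper; class and method names are assumptions). */
public final class SafeHeader {

    /** Characters a header value may legitimately carry: space, HTAB,
     *  printable ASCII and obs-text (RFC 7230 field-content). CR, LF and
     *  other controls are excluded, which also blocks response splitting. */
    private static boolean allowed(char c) {
        return c == ' ' || c == '\t' || (c >= 0x21 && c <= 0x7E) || (c >= 0x80 && c <= 0xFF);
    }

    /** Strict mode: refuse the value if any character is disallowed.
     *  Prefer this for URL-bearing headers such as Location, where HTML
     *  escaping would corrupt the value and an allow-list check belongs. */
    public static String requireClean(String value) {
        for (int i = 0; i < value.length(); i++) {
            if (!allowed(value.charAt(i))) {
                throw new IllegalArgumentException(
                        "disallowed character 0x" + Integer.toHexString(value.charAt(i))
                        + " at index " + i);
            }
        }
        return value;
    }

    /** Lenient mode for free-text custom headers: drop disallowed characters,
     *  then escape the syntax a raw-header consumer could read as markup. */
    public static String neutralize(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (!allowed(c)) continue;               // strips \r, \n, \0, ...
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a header-splitting attempt followed by a script tag.
        String raw = "en-US\r\nSet-Cookie: sid=1\r\n<script>alert(1)</script>";
        System.out.println(neutralize(raw));
        // In a servlet: response.addHeader(HEADER_NAME, neutralize(untrustedRawInputData));
    }
}
```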
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-39736 | IBM Datacap Navigator HTTP HOST header injection | Datacap Navigator | 6.5 | Medium | 2024-07-15 |
| CVE-2022-22399 | IBM Aspera Faspex HTTP header injection | Aspera Faspex | 5.4 | Medium | 2024-03-05 |
| CVE-2024-21499 | caddy-security security vulnerability | github.com/greenpau/caddy-security | 4.3 | Medium | 2024-02-17 |
| CVE-2024-1064 | Improper Neutralization of HTTP Headers for Scripting Syntax in Crafty Controller 4 | Crafty Controller | 7.5 | High | 2024-02-03 |
| CVE-2023-47143 | IBM Tivoli Application Dependency Discovery Manager HOST header injection | Tivoli Application Dependency Discovery Manager | 10.0 | Critical | 2024-02-02 |
| CVE-2023-34036 | Forwarded header exploit with Spring HATEOAS on WebFlux | Spring HATEOAS | 5.3 | Medium | 2023-07-17 |
| CVE-2023-36921 | Header Injection in SAP Solution Manager (Diagnostic Agent) | SAP Solution Manager (Diagnostic Agent) | 7.2 | High | 2023-07-11 |
| CVE-2023-32465 | Dell PowerProtect Cyber Recovery security vulnerability | PowerProtect Cyber Recovery | 8.8 | High | 2023-06-14 |
| CVE-2022-45102 | Dell EMC Data Protection Central security vulnerability | Data Protection Central | 5.4 | Medium | 2023-02-01 |
| CVE-2021-38997 | IBM API Connect HOST header injection | API Connect | 5.4 | Medium | 2022-12-01 |
| CVE-2022-34316 | IBM CICS TX information disclosure | CICS TX | 3.7 | Low | 2022-11-14 |
| CVE-2021-20784 | Voidtools Everything security vulnerability | Everything | 6.1 | - | 2021-07-14 |
| CVE-2021-21265 | October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers | october | 6.8 | Medium | 2021-03-10 |
| CVE-2020-6982 | Honeywell WIN-PAK security vulnerability | Honeywell WIN-PAK 4.7.2, Web and prior versions | 9.8 | - | 2020-03-24 |
| CVE-2017-6031 | Certec EDV GmbH atvise scada security vulnerability | Certec EDV GmbH atvise scada | 8.3 | - | 2017-05-06 |

Vulnerabilities classified as CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) represent 45 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.