CWE-113

Overview

CWE ID
113

CWE Name
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE Abstraction
Variant

CWE structure
Simple

CWE Status
Incomplete

Description

The software receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

Extended Description

Related CWEs

CWE ID	View ID	Nature	Ordinal
93	1000	ChildOf	Primary
79	1000	CanPrecede
20	700	ChildOf	Primary
436	1000	ChildOf

Related CVEs

CVE
CVE-2018-3911
CVE-2020-10753
CVE-2018-18837
CVE-2018-0689
CVE-2016-5699
CVE-2018-11347
CVE-2018-16181
CVE-2015-1445
CVE-2016-8024
CVE-2017-7443
CVE-2015-0733
CVE-2016-6839
CVE-2020-5247
CVE-2018-1067
CVE-2017-12309
CVE-2017-17742
CVE-2018-7830
CVE-2018-16979
CVE-2007-5595
CVE-2016-5325
CVE-2017-1262
CVE-2022-41915
CVE-2022-37436
CVE-2019-25101
CVE-2022-37953
CVE-2021-40336
CVE-2018-13814
CVE-2023-26147
CVE-2023-26137
CVE-2023-26142
CVE-2023-48256
CVE-2023-41834
CVE-2023-32708
CVE-2023-42450
CVE-2023-34472
CVE-2024-20392
CVE-2024-23644
CVE-2023-42450
CVE-2023-34472
CVE-2024-20392
CVE-2024-23644
CVE-2024-42487