What is CVE-2016-1133?

CVE-2016-1133 is a low-severity vulnerability in Dena H2o. CVSS score: 3.7/10. Published 2016-01-16.

How severe is CVE-2016-1133?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Dena H2o

CVE-2016-1133

CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a craft…

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Dena H2o — versions 1.7.0
N/a — versions n/a

References

vultures@jpcert.or.jp (x_refsource_CONFIRM)
vultures@jpcert.or.jp (x_refsource_CONFIRM)
JVNDB-2016-000003 (x_refsource_JVNDB, third-party-advisory, Vendor Advisory)
JVN#45928828 (x_refsource_JVN, third-party-advisory, Vendor Advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2016-1133?: CVE-2016-1133 is a low-severity vulnerability in Dena H2o. CVSS score: 3.7/10. Published 2016-01-16.
How severe is CVE-2016-1133?: Low severity. CVSS v3 base score is 3.7 out of 10.