CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O prior to 1.6.2 and 1.7.x prior to 1.7.0-beta3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
Vulnerable Product |
---|
dena h2o |
dena h2o 1.7.0 |