CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
                
            References
                    Configurations
                    Configuration 1 (hide)
| 
 | 
Configuration 2 (hide)
| 
 | 
Configuration 3 (hide)
| 
 | 
Configuration 4 (hide)
| 
 | 
Configuration 5 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2016-10-10 16:59
Updated : 2025-04-12 10:46
NVD link : CVE-2016-5325
Mitre link : CVE-2016-5325
CVE.ORG link : CVE-2016-5325
JSON object : View
Products Affected
                suse
- linux_enterprise
nodejs
- node.js
CWE
                
                    
                        
                        CWE-113
                        
            Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
