CWE-644
AllowedImproper Neutralization of HTTP Headers for Scripting Syntax
Abstraction: Variant · Status: Incomplete
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
104 vulnerabilities reference this CWE, most recent first.
CVE-2017-6031 (GCVE-0-2017-6031)
Vulnerability from cvelistv5 – Published: 2017-05-06 00:00 – Updated: 2024-08-05 15:18| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A | x_refsource_MISC |
| http://www.securityfocus.com/bid/97479 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Certec EDV GmbH atvise scada |
Affected:
Certec EDV GmbH atvise scada
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
},
{
"name": "97479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Certec EDV GmbH atvise scada",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Certec EDV GmbH atvise scada"
}
]
}
],
"datePublic": "2017-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An \"improper neutralization of HTTP headers for scripting syntax\" issue has been identified, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-08T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
},
{
"name": "97479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Certec EDV GmbH atvise scada",
"version": {
"version_data": [
{
"version_value": "Certec EDV GmbH atvise scada"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An \"improper neutralization of HTTP headers for scripting syntax\" issue has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-644"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
},
{
"name": "97479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6031",
"datePublished": "2017-05-06T00:00:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-35X7-R658-WX7F
Vulnerability from github – Published: 2026-02-26 09:30 – Updated: 2026-03-12 15:30A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.
This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps.
{
"affected": [],
"aliases": [
"CVE-2026-1698"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-26T08:16:19Z",
"severity": "MODERATE"
},
"details": "A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.\n\nThis vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout\nof the WebClient and WebScheduler web apps.",
"id": "GHSA-35x7-r658-wx7f",
"modified": "2026-03-12T15:30:23Z",
"published": "2026-02-26T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1698"
},
{
"type": "WEB",
"url": "https://www.pcvue.com/security/#SB2026-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear",
"type": "CVSS_V4"
}
]
}
GHSA-377H-VGG5-642Q
Vulnerability from github – Published: 2023-07-11 03:30 – Updated: 2024-04-04 05:54SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.
{
"affected": [],
"aliases": [
"CVE-2023-36921"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T03:15:10Z",
"severity": "HIGH"
},
"details": "SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.\n\n",
"id": "GHSA-377h-vgg5-642q",
"modified": "2024-04-04T05:54:43Z",
"published": "2023-07-11T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36921"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3348145"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3F53-3VGW-49W5
Vulnerability from github – Published: 2023-07-11 03:30 – Updated: 2024-04-04 05:54In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-36919"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-213",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T03:15:10Z",
"severity": "MODERATE"
},
"details": "In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.\n\n",
"id": "GHSA-3f53-3vgw-49w5",
"modified": "2024-04-04T05:54:42Z",
"published": "2023-07-11T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36919"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3326769"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3H56-C742-73F2
Vulnerability from github – Published: 2026-01-19 18:30 – Updated: 2026-01-19 18:30HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
{
"affected": [],
"aliases": [
"CVE-2025-52660"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-19T18:16:03Z",
"severity": "LOW"
},
"details": "HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.",
"id": "GHSA-3h56-c742-73f2",
"modified": "2026-01-19T18:30:27Z",
"published": "2026-01-19T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52660"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b\u0026searchTerm=kb0127995#"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3RCP-JP25-8FMH
Vulnerability from github – Published: 2025-12-01 03:30 – Updated: 2025-12-01 03:30A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be launched remotely.
{
"affected": [],
"aliases": [
"CVE-2025-13803"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-01T03:15:46Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be launched remotely.",
"id": "GHSA-3rcp-jp25-8fmh",
"modified": "2025-12-01T03:30:27Z",
"published": "2025-12-01T03:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13803"
},
{
"type": "WEB",
"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/mediacrush.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.333813"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.333813"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.691857"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3V39-CFPX-F2W7
Vulnerability from github – Published: 2025-04-02 18:30 – Updated: 2025-04-02 18:30IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.
{
"affected": [],
"aliases": [
"CVE-2025-0154"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T16:17:40Z",
"severity": "MODERATE"
},
"details": "IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.",
"id": "GHSA-3v39-cfpx-f2w7",
"modified": "2025-04-02T18:30:52Z",
"published": "2025-04-02T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0154"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7229880"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3V4C-G5C7-652P
Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-12 15:30IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking
{
"affected": [],
"aliases": [
"CVE-2025-13213"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T21:16:40Z",
"severity": "MODERATE"
},
"details": "IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,\u00a0including cross-site scripting, cache poisoning or session hijacking",
"id": "GHSA-3v4c-g5c7-652p",
"modified": "2026-03-12T15:30:23Z",
"published": "2026-03-10T21:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13213"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7263083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-44MP-WRCJ-WJX3
Vulnerability from github – Published: 2024-07-30 18:32 – Updated: 2024-07-30 18:32IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.
{
"affected": [],
"aliases": [
"CVE-2023-26289"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T17:15:12Z",
"severity": "MODERATE"
},
"details": "IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.",
"id": "GHSA-44mp-wrcj-wjx3",
"modified": "2024-07-30T18:32:06Z",
"published": "2024-07-30T18:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26289"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248478"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7161537"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CV3-8W5R-6G5R
Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
{
"affected": [],
"aliases": [
"CVE-2025-36227"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T20:16:20Z",
"severity": "MODERATE"
},
"details": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.\u00a0 This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
"id": "GHSA-4cv3-8w5r-6g5r",
"modified": "2026-03-10T21:32:17Z",
"published": "2026-03-10T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36227"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7262816"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.
Mitigation
Disable script execution functionality in the clients' browser.
No CAPEC attack patterns related to this CWE.