Common Weakness Enumeration

CWE-644

Allowed

Improper Neutralization of HTTP Headers for Scripting Syntax

Abstraction: Variant · Status: Incomplete

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

104 vulnerabilities reference this CWE, most recent first.

CVE-2017-6031 (GCVE-0-2017-6031)

Vulnerability from cvelistv5 – Published: 2017-05-06 00:00 – Updated: 2024-08-05 15:18
VLAI
Summary
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Certec EDV GmbH atvise scada Affected: Certec EDV GmbH atvise scada
Date Public
2017-05-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
          },
          {
            "name": "97479",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Certec EDV GmbH atvise scada",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Certec EDV GmbH atvise scada"
            }
          ]
        }
      ],
      "datePublic": "2017-05-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An \"improper neutralization of HTTP headers for scripting syntax\" issue has been identified, which may allow remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-644",
              "description": "CWE-644",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-08T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
        },
        {
          "name": "97479",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97479"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Certec EDV GmbH atvise scada",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Certec EDV GmbH atvise scada"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An \"improper neutralization of HTTP headers for scripting syntax\" issue has been identified, which may allow remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-644"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
            },
            {
              "name": "97479",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97479"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-6031",
    "datePublished": "2017-05-06T00:00:00.000Z",
    "dateReserved": "2017-02-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:18:49.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-35X7-R658-WX7F

Vulnerability from github – Published: 2026-02-26 09:30 – Updated: 2026-03-12 15:30
VLAI
Details

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.

This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T08:16:19Z",
    "severity": "MODERATE"
  },
  "details": "A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.\n\nThis vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout\nof the WebClient and WebScheduler web apps.",
  "id": "GHSA-35x7-r658-wx7f",
  "modified": "2026-03-12T15:30:23Z",
  "published": "2026-02-26T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1698"
    },
    {
      "type": "WEB",
      "url": "https://www.pcvue.com/security/#SB2026-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-377H-VGG5-642Q

Vulnerability from github – Published: 2023-07-11 03:30 – Updated: 2024-04-04 05:54
VLAI
Details

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-11T03:15:10Z",
    "severity": "HIGH"
  },
  "details": "SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.\n\n",
  "id": "GHSA-377h-vgg5-642q",
  "modified": "2024-04-04T05:54:43Z",
  "published": "2023-07-11T03:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36921"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3348145"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3F53-3VGW-49W5

Vulnerability from github – Published: 2023-07-11 03:30 – Updated: 2024-04-04 05:54
VLAI
Details

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-213",
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-11T03:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.\n\n",
  "id": "GHSA-3f53-3vgw-49w5",
  "modified": "2024-04-04T05:54:42Z",
  "published": "2023-07-11T03:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36919"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3326769"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3H56-C742-73F2

Vulnerability from github – Published: 2026-01-19 18:30 – Updated: 2026-01-19 18:30
VLAI
Details

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-19T18:16:03Z",
    "severity": "LOW"
  },
  "details": "HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.",
  "id": "GHSA-3h56-c742-73f2",
  "modified": "2026-01-19T18:30:27Z",
  "published": "2026-01-19T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52660"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b\u0026searchTerm=kb0127995#"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3RCP-JP25-8FMH

Vulnerability from github – Published: 2025-12-01 03:30 – Updated: 2025-12-01 03:30
VLAI
Details

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be launched remotely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-01T03:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be launched remotely.",
  "id": "GHSA-3rcp-jp25-8fmh",
  "modified": "2025-12-01T03:30:27Z",
  "published": "2025-12-01T03:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/mediacrush.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.333813"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.333813"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.691857"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3V39-CFPX-F2W7

Vulnerability from github – Published: 2025-04-02 18:30 – Updated: 2025-04-02 18:30
VLAI
Details

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-02T16:17:40Z",
    "severity": "MODERATE"
  },
  "details": "IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.",
  "id": "GHSA-3v39-cfpx-f2w7",
  "modified": "2025-04-02T18:30:52Z",
  "published": "2025-04-02T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0154"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7229880"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3V4C-G5C7-652P

Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-12 15:30
VLAI
Details

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T21:16:40Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,\u00a0including cross-site scripting, cache poisoning or session hijacking",
  "id": "GHSA-3v4c-g5c7-652p",
  "modified": "2026-03-12T15:30:23Z",
  "published": "2026-03-10T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13213"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7263083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-44MP-WRCJ-WJX3

Vulnerability from github – Published: 2024-07-30 18:32 – Updated: 2024-07-30 18:32
VLAI
Details

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  248478.",
  "id": "GHSA-44mp-wrcj-wjx3",
  "modified": "2024-07-30T18:32:06Z",
  "published": "2024-07-30T18:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26289"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248478"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7161537"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4CV3-8W5R-6G5R

Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32
VLAI
Details

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T20:16:20Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.\u00a0 This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
  "id": "GHSA-4cv3-8w5r-6g5r",
  "modified": "2026-03-10T21:32:17Z",
  "published": "2026-03-10T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36227"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7262816"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.

Mitigation
Architecture and Design

Disable script execution functionality in the clients' browser.

No CAPEC attack patterns related to this CWE.