CWE-644
AllowedImproper Neutralization of HTTP Headers for Scripting Syntax
Abstraction: Variant · Status: Incomplete
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
104 vulnerabilities reference this CWE, most recent first.
GHSA-57XH-VR62-7QQC
Vulnerability from github – Published: 2025-11-12 21:31 – Updated: 2025-11-12 21:31IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
{
"affected": [],
"aliases": [
"CVE-2025-36223"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-12T21:15:49Z",
"severity": "MODERATE"
},
"details": "IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
"id": "GHSA-57xh-vr62-7qqc",
"modified": "2025-11-12T21:31:09Z",
"published": "2025-11-12T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36223"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7250239"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-59F9-39VX-2R92
Vulnerability from github – Published: 2024-07-15 03:30 – Updated: 2024-07-15 03:30IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.
{
"affected": [],
"aliases": [
"CVE-2024-39736"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-15T02:15:05Z",
"severity": "MODERATE"
},
"details": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.",
"id": "GHSA-59f9-39vx-2r92",
"modified": "2024-07-15T03:30:58Z",
"published": "2024-07-15T03:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39736"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296003"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5C4W-8HHH-3C3H
Vulnerability from github – Published: 2024-10-31 00:30 – Updated: 2025-01-10 16:03A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.20.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-10006"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-31T14:49:31Z",
"nvd_published_at": "2024-10-30T22:15:03Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in Consul and Consul Enterprise (\"Consul\") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.",
"id": "GHSA-5c4w-8hhh-3c3h",
"modified": "2025-01-10T16:03:56Z",
"published": "2024-10-31T00:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10006"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/pull/21816"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/commit/d9206fc7e284a9244af4d62f8653a63ca30bd00c"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/consul"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250110-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability"
}
GHSA-5M2M-HJ2M-4XVR
Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
{
"affected": [],
"aliases": [
"CVE-2024-51454"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T16:16:31Z",
"severity": "MODERATE"
},
"details": "IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
"id": "GHSA-5m2m-hj2m-4xvr",
"modified": "2026-06-22T18:34:12Z",
"published": "2026-06-22T18:34:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51454"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7276371"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5R2P-47VM-6FH9
Vulnerability from github – Published: 2024-02-09 03:33 – Updated: 2024-02-09 03:33IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
{
"affected": [],
"aliases": [
"CVE-2023-45190"
],
"database_specific": {
"cwe_ids": [
"CWE-307",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-09T01:15:08Z",
"severity": "MODERATE"
},
"details": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.",
"id": "GHSA-5r2p-47vm-6fh9",
"modified": "2024-02-09T03:33:10Z",
"published": "2024-02-09T03:33:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45190"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268754"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7116045"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6PQV-G4GV-CWMH
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.
{
"affected": [],
"aliases": [
"CVE-2026-10836"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T13:19:32Z",
"severity": "MODERATE"
},
"details": "Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.",
"id": "GHSA-6pqv-g4gv-cwmh",
"modified": "2026-06-17T18:35:45Z",
"published": "2026-06-17T18:35:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10836"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6XG5-VVC4-9MRX
Vulnerability from github – Published: 2024-03-05 21:30 – Updated: 2024-03-05 21:30IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.
{
"affected": [],
"aliases": [
"CVE-2022-22399"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T20:16:00Z",
"severity": "MODERATE"
},
"details": "IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.",
"id": "GHSA-6xg5-vvc4-9mrx",
"modified": "2024-03-05T21:30:25Z",
"published": "2024-03-05T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22399"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222562"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6618959"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-77WJ-X762-6P2R
Vulnerability from github – Published: 2025-05-16 12:30 – Updated: 2025-10-09 21:31HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.
{
"affected": [],
"aliases": [
"CVE-2025-40631"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T11:15:45Z",
"severity": "LOW"
},
"details": "HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.",
"id": "GHSA-77wj-x762-6p2r",
"modified": "2025-10-09T21:31:08Z",
"published": "2025-05-16T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40631"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7M5C-FGWF-MWPH
Vulnerability from github – Published: 2023-07-17 12:30 – Updated: 2023-07-19 19:23Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.
For the application to be affected, it needs to satisfy the following requirements:
- It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.
- The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.hateoas:spring-hateoas"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.hateoas:spring-hateoas"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.hateoas:spring-hateoas"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-34036"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-17T14:10:24Z",
"nvd_published_at": "2023-07-17T11:15:09Z",
"severity": "MODERATE"
},
"details": "Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don\u0027t have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.\n\nFor the application to be affected, it needs to satisfy the following requirements:\n\n * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.\n * The application infrastructure does not guard against clients submitting (X-)Forwarded\u2026\u00a0headers.",
"id": "GHSA-7m5c-fgwf-mwph",
"modified": "2023-07-19T19:23:53Z",
"published": "2023-07-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34036"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-hateoas"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2023-34036"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax"
}
GHSA-8C8C-3855-2GV4
Vulnerability from github – Published: 2025-04-21 15:31 – Updated: 2025-04-21 15:31IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.
{
"affected": [],
"aliases": [
"CVE-2025-2950"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T15:15:58Z",
"severity": "MODERATE"
},
"details": "IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.",
"id": "GHSA-8c8c-3855-2gv4",
"modified": "2025-04-21T15:31:21Z",
"published": "2025-04-21T15:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2950"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7231320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.
Mitigation
Disable script execution functionality in the clients' browser.
No CAPEC attack patterns related to this CWE.