Common Weakness Enumeration

CWE-644

Allowed

Improper Neutralization of HTTP Headers for Scripting Syntax

Abstraction: Variant · Status: Incomplete

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

104 vulnerabilities reference this CWE, most recent first.

GHSA-57XH-VR62-7QQC

Vulnerability from github – Published: 2025-11-12 21:31 – Updated: 2025-11-12 21:31
VLAI
Details

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T21:15:49Z",
    "severity": "MODERATE"
  },
  "details": "IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
  "id": "GHSA-57xh-vr62-7qqc",
  "modified": "2025-11-12T21:31:09Z",
  "published": "2025-11-12T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36223"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7250239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-59F9-39VX-2R92

Vulnerability from github – Published: 2024-07-15 03:30 – Updated: 2024-07-15 03:30
VLAI
Details

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-15T02:15:05Z",
    "severity": "MODERATE"
  },
  "details": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.",
  "id": "GHSA-59f9-39vx-2r92",
  "modified": "2024-07-15T03:30:58Z",
  "published": "2024-07-15T03:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39736"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296003"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7160185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5C4W-8HHH-3C3H

Vulnerability from github – Published: 2024-10-31 00:30 – Updated: 2025-01-10 16:03
VLAI
Summary
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Details

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/consul"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "1.20.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-10006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-644"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-31T14:49:31Z",
    "nvd_published_at": "2024-10-30T22:15:03Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in Consul and Consul Enterprise (\"Consul\") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.",
  "id": "GHSA-5c4w-8hhh-3c3h",
  "modified": "2025-01-10T16:03:56Z",
  "published": "2024-10-31T00:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10006"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/consul/pull/21816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/consul/commit/d9206fc7e284a9244af4d62f8653a63ca30bd00c"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/consul"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250110-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability"
}

GHSA-5M2M-HJ2M-4XVR

Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34
VLAI
Details

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-22T16:16:31Z",
    "severity": "MODERATE"
  },
  "details": "IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
  "id": "GHSA-5m2m-hj2m-4xvr",
  "modified": "2026-06-22T18:34:12Z",
  "published": "2026-06-22T18:34:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51454"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7276371"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5R2P-47VM-6FH9

Vulnerability from github – Published: 2024-02-09 03:33 – Updated: 2024-02-09 03:33
VLAI
Details

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-45190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307",
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-09T01:15:08Z",
    "severity": "MODERATE"
  },
  "details": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  268754.",
  "id": "GHSA-5r2p-47vm-6fh9",
  "modified": "2024-02-09T03:33:10Z",
  "published": "2024-02-09T03:33:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45190"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268754"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7116045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PQV-G4GV-CWMH

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:19:32Z",
    "severity": "MODERATE"
  },
  "details": "Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.",
  "id": "GHSA-6pqv-g4gv-cwmh",
  "modified": "2026-06-17T18:35:45Z",
  "published": "2026-06-17T18:35:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10836"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6XG5-VVC4-9MRX

Vulnerability from github – Published: 2024-03-05 21:30 – Updated: 2024-03-05 21:30
VLAI
Details

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-05T20:16:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  222562.",
  "id": "GHSA-6xg5-vvc4-9mrx",
  "modified": "2024-03-05T21:30:25Z",
  "published": "2024-03-05T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22399"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222562"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6618959"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77WJ-X762-6P2R

Vulnerability from github – Published: 2025-05-16 12:30 – Updated: 2025-10-09 21:31
VLAI
Details

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40631"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-16T11:15:45Z",
    "severity": "LOW"
  },
  "details": "HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.",
  "id": "GHSA-77wj-x762-6p2r",
  "modified": "2025-10-09T21:31:08Z",
  "published": "2025-05-16T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40631"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7M5C-FGWF-MWPH

Vulnerability from github – Published: 2023-07-17 12:30 – Updated: 2023-07-19 19:23
VLAI
Summary
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Details

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.

For the application to be affected, it needs to satisfy the following requirements:

  • It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.
  • The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.hateoas:spring-hateoas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.hateoas:spring-hateoas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.hateoas:spring-hateoas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-34036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-644"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-17T14:10:24Z",
    "nvd_published_at": "2023-07-17T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don\u0027t have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.\n\nFor the application to be affected, it needs to satisfy the following requirements:\n\n  *  It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.\n  *  The application infrastructure does not guard against clients submitting (X-)Forwarded\u2026\u00a0headers.",
  "id": "GHSA-7m5c-fgwf-mwph",
  "modified": "2023-07-19T19:23:53Z",
  "published": "2023-07-17T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34036"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-hateoas"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2023-34036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax"
}

GHSA-8C8C-3855-2GV4

Vulnerability from github – Published: 2025-04-21 15:31 – Updated: 2025-04-21 15:31
VLAI
Details

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-644"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-18T15:15:58Z",
    "severity": "MODERATE"
  },
  "details": "IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.",
  "id": "GHSA-8c8c-3855-2gv4",
  "modified": "2025-04-21T15:31:21Z",
  "published": "2025-04-21T15:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2950"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7231320"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.

Mitigation
Architecture and Design

Disable script execution functionality in the clients' browser.

No CAPEC attack patterns related to this CWE.