CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
References
Link Resource
https://download.daj.co.jp/user/ifilter/V9/ Permissions Required Vendor Advisory
https://jvn.jp/en/jp/JVN32155106/index.html Third Party Advisory
https://download.daj.co.jp/user/ifilter/V9/ Permissions Required Vendor Advisory
https://jvn.jp/en/jp/JVN32155106/index.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:52

Type Values Removed Values Added
References () https://download.daj.co.jp/user/ifilter/V9/ - Permissions Required, Vendor Advisory () https://download.daj.co.jp/user/ifilter/V9/ - Permissions Required, Vendor Advisory
References () https://jvn.jp/en/jp/JVN32155106/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN32155106/index.html - Third Party Advisory

Information

Published : 2019-01-09 23:29

Updated : 2024-11-21 03:52


NVD link : CVE-2018-16181

Mitre link : CVE-2018-16181

CVE.ORG link : CVE-2018-16181


JSON object : View

Products Affected

daj

  • i-filter
CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')