Latest Security News about crlf injection

Contact US For API Security>

Potential CRLF injection attacks in Zend_Mail

Overview : CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. Affected Product(s) : Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x […]

Contact US For API Security>

CRLF/HTML entity injection with most recent version of PHPMyAdmin #16056

  Overview : ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." CVE-2020-11441   CRLF/HTML entity injection with most recent version of PHPMyAdmin #16056 Describe the bug The login form [...]
Contact US For API Security>

Apache HTTP Server 2.4 vulnerabilities

  Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. CVE-2020-1927   Apache HTTP Server 2.4 vulnerabilities This page lists all security vulnerabilities fixed in released versions [...]