CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax
48 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE: https://cwe.mitre.org/data/definitions/644.html
CVEs classified under CWE-644
- CVE-2020-6982 | HIGH | CVSS 8.8 | EG 8.8 | 2020-03-24
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
- CVE-2021-20784 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-07-14
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.
- CVE-2021-21265 | MEDIUM | CVSS 6.8 | EG 6.8 | 2021-03-10
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to a…
- CVE-2021-38997 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-12-12
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker…
- CVE-2021-41114 | MEDIUM | CVSS 4.8 | EG 4.8 | 2021-10-05
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host …
- CVE-2022-22399 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-03-05
IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-s…
- CVE-2022-34316 | LOW | CVSS 3.7 | EG 5.3 | 2022-11-14
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.
- CVE-2022-43847 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-04-14
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including c…
- CVE-2022-45102 | MEDIUM | CVSS 5.4 | EG 6.1 | 2023-02-01
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary 'Host' header valu…
- CVE-2023-26289 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-07-30
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site …
- CVE-2023-32465 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-14
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to…
- CVE-2023-34036 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-07-17
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have…
- CVE-2023-35894 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-07
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cro…
- CVE-2023-36919 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-07-11
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, res…
- CVE-2023-36921 | HIGH | CVSS 7.2 | EG 7.2 | 2023-07-11
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker c…
- CVE-2023-45190 | MEDIUM | CVSS 5.1 | EG 5.1 | 2024-02-09
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable syst…
- CVE-2023-47143 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-02-02
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks again…
- CVE-2024-10006 | HIGH | CVSS 8.3 | EG 8.3 | 2024-10-30
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
- CVE-2024-1064 | HIGH | CVSS 7.5 | EG 7.5 | 2024-02-03
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header
- CVE-2024-21499 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of secur…
- CVE-2024-22081 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-03-20
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
- CVE-2024-30129 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-06
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.
- CVE-2024-39736 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-15
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable …
- CVE-2024-40686 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-07-23
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct va…
- CVE-2024-47549 | HIGH | CVSS 7.4 | EG 7.4 | 2024-10-25
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious sc…
- CVE-2024-51451 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-04
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-sit…
- CVE-2024-51464 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-21
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is …
- CVE-2025-0154 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-04-02
IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.
- CVE-2025-13434 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-11-20
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'…
- CVE-2025-13803 | HIGH | CVSS 7.3 | EG 7.3 | 2025-12-01
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization…
- CVE-2025-23001 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-01-31
A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, r…
- CVE-2025-23191 | LOW | CVSS 3.1 | EG 3.1 | 2025-02-11
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting the…
- CVE-2025-24339 | MEDIUM | CVSS 5.0 | EG 5.0 | 2025-04-30
A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP re…
- CVE-2025-27632 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-03-25
A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisonin…
- CVE-2025-27901 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-17
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to c…
- CVE-2025-2950 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-04-18
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change d…
- CVE-2025-36223 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-11-12
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scrip…
- CVE-2025-40631 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-05-16
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious li…
- CVE-2025-52647 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-10-10
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
- CVE-2025-52660 | LOW | CVSS 2.7 | EG 2.7 | 2026-01-19
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
- CVE-2025-63828 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-11-18
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
- CVE-2025-64425 | HIGH | CVSS 8.1 | EG 8.1 | 2026-01-05
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header…
- CVE-2025-64484 | HIGH | CVSS 8.5 | EG 8.5 | 2025-11-10
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in…
- CVE-2025-66485 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-04-01
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including c…
- CVE-2025-67724 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-12-12
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers (where it could be used for header injection) or in HTML in the default error …
- CVE-2026-26234 | HIGH | CVSS 8.8 | EG 8.8 | 2026-02-12
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate prox…
- CVE-2026-33805 | HIGH | CVSS 8.6 | EG 8.6 | 2026-04-15
@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip pr…
- CVE-2026-48126 | HIGH | CVSS 8.2 | EG 8.2 | 2026-05-26
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory b…
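Most of the entries above share one mechanism: the application builds an absolute URL (a password-reset link, a redirect, an `atom:link`, a cache key) from the request's Host or X-Forwarded-Host header, or reflects a header value without rejecting CR/LF, so whoever controls the request controls where the victim is sent. The following Python is an added illustration of that pattern and its fix; it is not code from this page or from any vendor or project listed here. The allowlist, hostnames, token and request dictionaries are constructed for the example.

```python
"""
Added example: a password-reset link built from the untrusted Host header
(the CWE-644 / host-header-injection pattern) beside a hardened builder that
validates Host against an allowlist and refuses header-injection syntax.
Not taken from any product listed on this page.
"""
import re
from urllib.parse import quote

# Constructed allowlist for the example; a real deployment loads this from
# configuration (Django's ALLOWED_HOSTS, Rails' config.hosts, etc.).
ALLOWED_HOSTS = frozenset({"app.example.com", "app.example.com:8443"})

# host[:port] per RFC 3986 reg-name (letters, digits, hyphens, dots) with an
# optional numeric port. IPv6 literals such as "[::1]" are out of scope here.
_HOST_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?::[0-9]{1,5})?$"
)


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link's origin is whatever the client sent in
    Host, or in an X-Forwarded-Host the app trusts blindly. An attacker who
    requests a reset for a victim gets the victim's token mailed out inside a
    link that points at the attacker's host."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset?token={quote(token, safe='')}"


def validate_host(headers: dict, allowed=ALLOWED_HOSTS) -> str:
    """Return the canonical Host value or raise ValueError.

    Checks, in order: the header is present; it contains no CR, LF or other
    control characters (the syntax that lets a value start a new header or end
    the header block); it is a syntactically valid host[:port]; and it is an
    exact member of the allowlist. X-Forwarded-Host is ignored on purpose: it
    is attacker-controlled unless a proxy you operate is known to overwrite
    it, and this function does not assume such a proxy.
    """
    raw = headers.get("Host")
    if raw is None:
        raise ValueError("missing Host header")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        raise ValueError("control characters in Host header")
    host = raw.strip().lower()
    if not _HOST_RE.match(host):
        raise ValueError(f"malformed Host header: {raw!r}")
    if host not in allowed:
        raise ValueError(f"Host not in allowlist: {raw!r}")
    return host


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened: the origin comes only from the validated Host."""
    return f"https://{validate_host(headers)}/reset?token={quote(token, safe='')}"


def host_is_acceptable(headers: dict) -> bool:
    """Boolean wrapper around validate_host for filters and tests."""
    try:
        validate_host(headers)
        return True
    except ValueError:
        return False


def safe_header_value(value: str) -> str:
    """Neutralize a value before emitting it in a response header (a Location
    or Set-Cookie built from request data): refuse CR, LF and other control
    characters rather than stripping them, so an injection attempt fails
    closed instead of being silently rewritten into something else."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control characters in header value")
    return value


if __name__ == "__main__":
    # Constructed requests: legitimate, spoofed Host, CRLF-split Host, and a
    # forged X-Forwarded-Host behind a legitimate Host.
    legit = {"Host": "App.Example.com"}
    spoofed = {"Host": "attacker.example"}
    split = {"Host": "app.example.com\r\nSet-Cookie: session=evil"}
    forwarded = {"Host": "app.example.com", "X-Forwarded-Host": "attacker.example"}
    token = "abc123"

    print(build_reset_link_vulnerable(spoofed, token))    # link points at attacker
    print(build_reset_link_vulnerable(forwarded, token))  # same, via X-Forwarded-Host
    print(build_reset_link_hardened(legit, token))        # https://app.example.com/...
    print(build_reset_link_hardened(forwarded, token))    # forged header ignored
    for req in (spoofed, split):
        print(repr(req["Host"]), "->", host_is_acceptable(req))
```

The allowlist is the important part: a syntax check alone would accept `app.example.com.attacker.example`, and stripping CR/LF instead of rejecting them turns an obvious attack into a silently "repaired" request that is harder to spot in logs. Trust X-Forwarded-Host only at the hop where a proxy you operate is known to set it, and configure that proxy to overwrite the client's copy rather than append to it.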