HTTP Header Parsing Code Vulnerability

CVE-2016-2216 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
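
An added example, not taken from the advisory or from Node.js itself: it shows why a filter that looks only for literal CR/LF misses the demonstrated sequence, and a stricter character check that rejects it. The function names are hypothetical, and it assumes the header value is written to the wire one byte per character (latin1).

```javascript
// Added illustration; function names are hypothetical, not Node.js internals.

// Constructed sample: the advisory's %c4%8d%c4%8a, percent-decoded as UTF-8.
// The result is two characters, U+010D and U+010A, neither of which is CR or LF.
const decoded = decodeURIComponent('%c4%8d%c4%8a');

// Weak filter: looks only for literal CR / LF characters in the string.
function naiveHasCrlf(value) {
  return /[\r\n]/.test(value);
}

// Assumption: the header is serialized with a one-byte-per-character
// encoding, so only the low 8 bits of each UTF-16 code unit survive.
// U+010D becomes 0x0D (CR) and U+010A becomes 0x0A (LF).
function wireBytes(value) {
  return Buffer.from(value, 'latin1');
}

// Stricter filter: accept only TAB, printable ASCII and 0x80-0xFF.
// Control characters and anything above U+00FF are rejected before
// the value can be truncated into something else.
function isSafeHeaderValue(value) {
  return !/[^\t\x20-\x7e\x80-\xff]/.test(value);
}

// Compare what each check sees with what would reach the wire.
function audit(value) {
  const bytes = wireBytes(value);
  return {
    naiveFlagged: naiveHasCrlf(value),
    crlfOnWire: bytes.includes(0x0d) || bytes.includes(0x0a),
    strictAccepted: isSafeHeaderValue(value),
  };
}

// Constructed inputs: the advisory's sequence, a benign value, a literal CRLF.
for (const sample of [decoded, 'text/html; charset=utf-8', 'a\r\nb']) {
  console.log(JSON.stringify(sample), audit(sample));
}
```

For the advisory's sequence the naive filter reports nothing while CR and LF bytes still appear on the wire; the strict check rejects it before serialization.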