CRLF Injection Vulnerability in Node.js ServerResponse#writeHead Function

CRLF Injection Vulnerability in Node.js ServerResponse#writeHead Function

CVE-2016-5325 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

Learn more about our Cis Benchmark Audit For Server Software.