{"id":"CVE-2016-1133","details":"CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.","modified":"2026-04-10T03:33:17.000058Z","published":"2016-01-16T05:59:03.253Z","references":[{"type":"WEB","url":"https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133"},{"type":"ADVISORY","url":"http://jvn.jp/en/jp/JVN45928828/index.html"},{"type":"ADVISORY","url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003"},{"type":"REPORT","url":"https://github.com/h2o/h2o/issues/682"},{"type":"REPORT","url":"https://github.com/h2o/h2o/issues/684"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/h2o/h2o","events":[{"introduced":"0"},{"last_affected":"63ef75ec9c2e286d580326997328e4a90140b57e"},{"introduced":"0"},{"last_affected":"5a3895c5c9141af225644e307228ec1d92db52db"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.1"},{"introduced":"0"},{"last_affected":"1.7.0-beta2"}]}}],"versions":["v0.9.1","v0.9.2","v1.0.1","v1.1.0","v1.1.1","v1.2.0","v1.3.0","v1.3.0-beta1","v1.3.1","v1.4.0","v1.4.1","v1.4.2","v1.5.0","v1.5.0-beta1","v1.5.0-beta2","v1.5.0-beta3","v1.5.0-beta4","v1.5.1","v1.5.2","v1.5.3","v1.6.0","v1.6.0-beta1","v1.6.0-beta2","v1.6.1","v1.7.0-beta1","v1.7.0-beta2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1133.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}