The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-03-12T15:07:18.532Z

Updated: 2024-08-05T17:48:59.065Z

Reserved: 2024-02-05T11:44:28.014Z

Link: CVE-2024-1226

cve-icon Vulnrichment

Updated: 2024-08-01T18:33:25.120Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-12T15:15:47.727

Modified: 2024-11-21T08:50:05.893

Link: CVE-2024-1226

cve-icon Redhat

No data.