CWE-113HTTP Response Splitting

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.— MITRE CWE catalog

91 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-113page 2 of 2

Map vulnerabilities like CWE-113 to your infrastructure

EchelonGraph correlates every CVE — across CWE-113 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →