HTTP client proxy tunnel headers not validated for CR/LF
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Exploitability
AV:N
AC:L
AT:P
PR:H
UI:P
Vulnerable System
VC:N
VI:H
VA:N
Subsequent System
SC:N
SI:N
SA:N
5.7/CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N