CVE-2024-5193

5.3 MEDIUM

📋 TL;DR

This CVE describes a CRLF injection vulnerability in Ritlabs TinyWeb Server 1.94 that allows attackers to inject arbitrary HTTP headers or split responses by manipulating request inputs containing %0D%0A (carriage return line feed). This affects anyone running TinyWeb Server 1.94 with the vulnerable request handler component exposed to network requests.

💻 Affected Systems

Products:
  • Ritlabs TinyWeb Server
Versions: Version 1.94
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.94 with the request handler enabled are vulnerable. The component is enabled by default.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform HTTP response splitting to conduct cache poisoning, cross-site scripting, or session fixation attacks against users of the web server.

🟠 Likely Case

HTTP header injection leading to cache poisoning or limited client-side attacks against users accessing the vulnerable server.

🟢 If Mitigated

If proper input validation and output encoding are implemented, the vulnerability is prevented with minimal impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. The attack requires network access to the server but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.99

Vendor Advisory: https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99

Restart Required: Yes

Instructions:

1. Download TinyWeb Server version 1.99 from the official GitHub releases page.
2. Stop the running TinyWeb Server service.
3. Replace the existing installation with version 1.99.
4. Restart the TinyWeb Server service.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Implement a web application firewall or proxy that filters %0D%0A sequences in HTTP requests.

Network Segmentation (all platforms)

Restrict access to TinyWeb Server to trusted networks only.

🧯 If You Can't Patch

  • Implement a reverse proxy with CRLF injection filtering in front of TinyWeb Server
  • Monitor for unusual HTTP requests containing %0D%0A sequences and block offending IPs

🔍 How to Verify

Check if Vulnerable:

Check whether the installed TinyWeb Server version is 1.94 by examining the binary or the service information.

Check Version:

On Windows: Check program properties or service details. On Linux: Check binary version or package manager.

Verify Fix Applied:

Verify that the installed version is 1.99 or higher, then send a test request containing %0D%0A and confirm that the sequence no longer produces an injected header or a split response.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing %0D%0A sequences
  • Unusual HTTP header patterns in server logs

Network Indicators:

  • HTTP requests with encoded CRLF sequences to the server port

SIEM Query:

source="tinyweb.log" AND "%0D%0A"
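The filter described under Temporary Workarounds and the log indicators listed here amount to the same check: does a request target carry a carriage return or line feed, raw or percent-encoded? The script below is an added example (not code from the TinyWeb project or from this advisory) that implements that check once and uses it both as a proxy-side block decision and as a scanner over web server access log lines. The log lines are constructed samples in Common Log Format; the function names `contains_crlf`, `should_block` and `scan_log` are this example's own.

```python
import re
from collections import Counter
from urllib.parse import unquote

# CR or LF, raw or percent-encoded in either case. RFC 3986 makes the hex
# digits of a percent-encoding case-insensitive, so "%0d%0a" is the same
# sequence as "%0D%0A"; a literal, case-sensitive match would miss it.
CRLF_RE = re.compile(r"%0[dD]|%0[aA]|[\r\n]")

# Common Log Format: client IP is the first field, the request line sits
# inside the first pair of double quotes.
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')


def contains_crlf(value: str) -> bool:
    """True if `value` carries a CR or LF raw, percent-encoded, or
    double-percent-encoded (e.g. %250D%250A, which one decoding step turns
    into %0D%0A and a second turns into a raw CRLF)."""
    once = unquote(value)
    twice = unquote(once)
    return any(CRLF_RE.search(v) for v in (value, once, twice))


def should_block(request_target: str) -> bool:
    """Decision a filtering reverse proxy applies to the request target
    (path plus query string) before forwarding it to TinyWeb."""
    return contains_crlf(request_target)


def scan_log(lines):
    """Return (hits, offenders): hits are (ip, request_line) pairs whose
    request line carries a CRLF; offenders counts hits per client IP,
    which is the input for the 'block offending IPs' step."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not Common Log Format; skip rather than guess
        ip, request_line = m.group(1), m.group(2)
        if contains_crlf(request_line):
            hits.append((ip, request_line))
    return hits, Counter(ip for ip, _ in hits)


# Constructed sample log lines (not taken from any real deployment).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /page?name=a%0D%0AX-Test:%201 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jun/2024:12:00:03 +0000] "GET /page?q=hello%20world HTTP/1.1" 200 100',
    '203.0.113.7 - - [10/Jun/2024:12:00:04 +0000] "GET /page?name=b%0d%0a HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2024:12:00:05 +0000] "GET /page?name=c%250D%250A HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    hits, offenders = scan_log(SAMPLE_LOG)
    for ip, req in hits:
        print(f"CRLF in request from {ip}: {req}")
    print("hits per IP:", dict(offenders))
```

Run against the samples, the scanner flags three of the five lines, all from 203.0.113.7: the upper-case `%0D%0A`, the lower-case `%0d%0a`, and the double-encoded `%250D%250A`. The SIEM query above, taken literally, matches only the first of those, so if the SIEM performs case-sensitive matching it is worth extending the search to the lower-case spelling and to `%25` followed by `0D`/`0A`.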
