CVE Vulnerabilities

CVE-2016-0400

Published: Jul 02, 2016 | Modified: Sep 03, 2017
CVSS 3.x
6.1
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Affected Software

Name Vendor Start Version End Version
Websphere_extreme_scale Ibm 7.1.0 (including) 7.1.0 (including)
Websphere_extreme_scale Ibm 7.1.0.2 (including) 7.1.0.2 (including)
Websphere_extreme_scale Ibm 7.1.1 (including) 7.1.1 (including)
Websphere_extreme_scale Ibm 8.5.0 (including) 8.5.0 (including)
Websphere_extreme_scale Ibm 8.5.0.1 (including) 8.5.0.1 (including)
Websphere_extreme_scale Ibm 8.5.0.2 (including) 8.5.0.2 (including)
Websphere_extreme_scale Ibm 8.6.0.0 (including) 8.6.0.0 (including)
Websphere_extreme_scale Ibm 8.6.0.1 (including) 8.6.0.1 (including)
Websphere_extreme_scale Ibm 8.6.0.2 (including) 8.6.0.2 (including)
Websphere_extreme_scale Ibm 8.6.0.3 (including) 8.6.0.3 (including)
Websphere_extreme_scale Ibm 8.6.0.4 (including) 8.6.0.4 (including)
Websphere_extreme_scale Ibm 8.6.0.5 (including) 8.6.0.5 (including)
Websphere_extreme_scale Ibm 8.6.0.6 (including) 8.6.0.6 (including)
Websphere_extreme_scale Ibm 8.6.0.7 (including) 8.6.0.7 (including)

References