CVE-2016-0400

EUVD-2016-0435
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_extreme_scale
7.1.0
ibmwebsphere_extreme_scale
7.1.0.2
ibmwebsphere_extreme_scale
7.1.1
ibmwebsphere_extreme_scale
8.5.0
ibmwebsphere_extreme_scale
8.5.0.1
ibmwebsphere_extreme_scale
8.5.0.2
ibmwebsphere_extreme_scale
8.6.0.0
ibmwebsphere_extreme_scale
8.6.0.1
ibmwebsphere_extreme_scale
8.6.0.2
ibmwebsphere_extreme_scale
8.6.0.3
ibmwebsphere_extreme_scale
8.6.0.4
ibmwebsphere_extreme_scale
8.6.0.5
ibmwebsphere_extreme_scale
8.6.0.6
ibmwebsphere_extreme_scale
8.6.0.7
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
https://www.exploit-db.com/exploits/40039/
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
https://www.exploit-db.com/exploits/40039/