CVE-2016-0400

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
ibmwebsphere_extreme_scale
7.1.0
ibmwebsphere_extreme_scale
7.1.0.2
ibmwebsphere_extreme_scale
7.1.1
ibmwebsphere_extreme_scale
8.5.0
ibmwebsphere_extreme_scale
8.5.0.1
ibmwebsphere_extreme_scale
8.5.0.2
ibmwebsphere_extreme_scale
8.6.0.0
ibmwebsphere_extreme_scale
8.6.0.1
ibmwebsphere_extreme_scale
8.6.0.2
ibmwebsphere_extreme_scale
8.6.0.3
ibmwebsphere_extreme_scale
8.6.0.4
ibmwebsphere_extreme_scale
8.6.0.5
ibmwebsphere_extreme_scale
8.6.0.6
ibmwebsphere_extreme_scale
8.6.0.7
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
https://www.exploit-db.com/exploits/40039/
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
https://www.exploit-db.com/exploits/40039/