Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0400

5 documents, 5 sources
Severity
6.1 MEDIUM
EPSS
3.5%
top 12.42%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Jul 2
Latest update: May 17

Description

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 1 package

NVD: ibm/websphere_extreme_scale (14 versions)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-7gmw-69fw-m4p9: CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7 (2022-05-17)
CVEList
CVE-2016-0400: CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7 (2016-07-02)

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014) (2016-06-29)

💬Community

1
Bugzilla
CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages (2016-04-21)
CVE-2016-0400 (MEDIUM CVSS 6.1) | CRLF injection vulnerability in IBM | cvebase.io