CVE-2016-5933

Severity
4.6 MEDIUM
EPSS
0.2%
top 56.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 8
Latest update: May 17

Description

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to a possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.1 | Impact: 2.5

Affected Packages: 2 packages

NVD: ibm/tivoli_monitoring, 23 versions (+22)
CVEListV5: ibm_corporation/tivoli_monitoring_v6, 27 versions (+26)

🔴 Vulnerability Details

2
GHSA
GHSA-5rqg-h4vq-f5hp: IBM Tivoli Monitoring 6 (2022-05-17)
CVEList
CVE-2016-5933: IBM Tivoli Monitoring 6 (2017-03-08)

📋 Vendor Advisories

2
Citrix
CVE-2016-0270: IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which make (2017-02-08)
Citrix
CVE-2017-5933: Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM (2017-02-08)
CVE-2016-5933 (MEDIUM CVSS 4.6) | IBM Tivoli Monitoring 6.2 and 6.3 i | cvebase.io