Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8024

CWE-1135 documents5 sources
Severity
8.1HIGH
EPSS
9.2%
top 7.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mcafee Virusscan EnterpriseIntel Virusscan Enterprise Linux (vsel)
Timeline
PublishedMar 14
Latest updateMay 17

Description

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5intel/virusscan_enterprise_linux_(vsel)2.0.3 (and earlier)

🔴Vulnerability Details

2
GHSA
GHSA-m5h8-m38m-3pw4: Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 22022-05-17
CVEList
CVE-2016-8024: Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 22017-03-14

💥Exploits & PoCs

1
Exploit-DB
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution2016-12-13

💬Community

1
Bugzilla
CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution2019-05-23
CVE-2016-8024 (HIGH CVSS 8.1) | Improper neutralization of CRLF seq | cvebase.io