CVE-2016-0400 : CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Published 2016-07-02 14:59:05

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2016-0400

IBM » Websphere Extreme Scale » Version: 7.1.0
cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 7.1.1
cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.5.0
cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 7.1.0.2
cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.0
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.1
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.2
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.7
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.4
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.6
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.3
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.6.0.5
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.5.0.2
cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Extreme Scale » Version: 8.5.0.1
cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-0400

EPSS FAQ

4.00%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-0400

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

References for CVE-2016-0400

https://www.exploit-db.com/exploits/40039/

Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898

IBM PI60898: WebSphere eXtreme Scale is subject to HTTP response splitting attacks.

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897

IBM PI60897: WebSphere eXtreme Scale is subject to HTTP response splitting attacks.

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21983036

IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information (CVE-2016-2861, CVE-2016-0400)
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-0400

Products affected by CVE-2016-0400

Exploit prediction scoring system (EPSS) score for CVE-2016-0400

CVSS scores for CVE-2016-0400

References for CVE-2016-0400