Vulnerability Details : CVE-2016-3166

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

Published 2016-04-12 15:59:04

Updated 2016-04-13 00:44:21

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-3166

Probability of exploitation activity in the next 30 days: 0.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-3166

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	2.2	3.6	[email protected]
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2016-3166

Products affected by CVE-2016-3166

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.12
cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.18
cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.20
cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.22
cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC3
cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.16
cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC2
cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta3
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.2
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.10
cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.9
cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.1
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC1
cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.11
cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.3
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.6
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.7
cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.5
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.14
cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.13
cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.21
cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.24
cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.23
cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC4
cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta2
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.15
cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.8
cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.19
cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.17
cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update DEV
cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta4
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.4
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta1
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.25
cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.26
cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.27
cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.28
cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.29
cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.30
cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.32
cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.31
cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.33
cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.34
cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.35
cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.36
cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.37
cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*
Matching versions