CVE-2016-6484
Infoblox 7.0.1 CRLF Injection / HTTP Response Splitting
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
Vulnerabilidad de inyección CRLF en Infoblox Network Automation NetMRI en versiones anteriores a 7.1.1 permite a atacantes remotos inyectar encabezados HTTP arbitrarios y llevar acabo ataques de división de respuesta HTTP a través del parámetro contentType en una acción de inicio de sesión para config/userAdmin/login.tdf.
Infoblox versions 7.0.1 and below suffer from CRLF injection attacks that allow for HTTP response splitting.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-07-27 CVE Reserved
- 2016-09-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/539366/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/92794 | Third Party Advisory | |
| http://www.securitytracker.com/id/1036736 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|