HTTP header injection attack - CVE-2016-3166
Published: September 9, 2016
Vulnerability identifier: #VU398
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-3166
CWE-ID: CWE-113
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows attackers to perform HTTP header injection attacks.
The vulnerability is caused by improper checking of HTTP, which increases the threat of HTTP header injection attacks for victims using sites running PHP versions older than 5.1.2.
Successful exploitation of this vulnerability may allow a remote attacker to perform other browser-related attacks.
How to mitigate CVE-2016-3166
Upgrade Drupal 6.x to Drupal core 6.38.
Upgrade Drupal 7.x to Drupal core 7.43.
Upgrade Drupal 8.0.x to Drupal core 8.0.4.