CVE-2016-1155

Опубликовано: 13 апр. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

Ссылки

http://www.securityfocus.com/bid/97662
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86eb
https://jvn.jp/vu/JVNVU99757346/index.html
Mitigation
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/97662
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86eb
https://jvn.jp/vu/JVNVU99757346/index.html
Mitigation
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*

cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*

cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05411

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-73v5-qccv-8xj4

CVSS3: 9.8

github

больше 3 лет назад