CVE-2016-6484

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.

Ссылки

http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/539366/100/0/threaded
http://www.securityfocus.com/bid/92794
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036736
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/539366/100/0/threaded
http://www.securityfocus.com/bid/92794
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036736
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infoblox:netmri:*:*:*:*:*:*:*:*

Версия до 7.0.1 (включая)

EPSS

Процентиль: 54%

0.00312

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-93

Связанные уязвимости

GHSA-35wp-mq65-94rh