CVE-2016-3166

Published: 12/04/2016 Updated: 13/04/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.1.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

Vulnerable Product

debian debian linux 8.0

debian debian linux 7.0

drupal drupal 6.31

drupal drupal 6.30

drupal drupal 6.3

drupal drupal 6.29

drupal drupal 6.28

drupal drupal 6.16

drupal drupal 6.15

drupal drupal 6.14

drupal drupal 6.13

drupal drupal 6.0

drupal drupal 6.6

drupal drupal 6.5

drupal drupal 6.4

drupal drupal 6.36

drupal drupal 6.23

drupal drupal 6.22

drupal drupal 6.21

drupal drupal 6.20

drupal drupal 6.9

drupal drupal 6.7

drupal drupal 6.35

drupal drupal 6.33

drupal drupal 6.27

drupal drupal 6.25

drupal drupal 6.19

drupal drupal 6.17

drupal drupal 6.12

drupal drupal 6.10

drupal drupal 6.37

drupal drupal 6.8

drupal drupal 6.34

drupal drupal 6.32

drupal drupal 6.26

drupal drupal 6.24

drupal drupal 6.2

drupal drupal 6.18

drupal drupal 6.11

drupal drupal 6.1