admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-04xx/CVE-2016-0400.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

204 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-0400",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2016-07-02T14:59:05.197",
"lastModified": "2024-11-21T02:41:37.677",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM WebSphere eXtreme Scale 7.1.0 en versiones anteriores a 7.1.0.3, 7.1.1 en versiones anteriores a 7.1.1.1, 8.5 en versiones anteriores a 8.5.0.3 y 8.6 en versiones anteriores a 8.6.0.8 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separaci\u00f3n de respuesta HTTP a trav\u00e9s de una URL manipulada."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF504C3-FC26-4B47-9D19-3095CEA85014"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79D9CF88-822F-4D5C-85C6-6DA81E9E49F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0472C4A-F281-4D5F-BC47-93427833B907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F24E300-FCBA-42E7-A0A0-8067FBE11C9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACD3876-C36B-42DB-9174-C67DD0959BAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B96C0D89-B07B-499E-A746-E3BF1AC6DBD3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A974178A-404C-4BB7-AFE6-8C4A53205B7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE60414F-6EB4-4285-850F-E0F2D5B36C1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "946C4833-5BB2-4E54-8260-CEB66F03AEF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3DBEDF-A66C-4078-BD0D-8810B21EF58B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF20610-8715-4683-83D9-9BBF822C7754"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB3F96D-F1FD-4427-BA83-676DCB7A37AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D365BD10-F98D-4F66-8119-21EBF30C1F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "794E70DC-F220-4C2E-B7AD-15022B9C71D9"
}
]
}
]
}
],
"references": [
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897",
"source": "psirt@us.ibm.com"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898",
"source": "psirt@us.ibm.com"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/40039/",
"source": "psirt@us.ibm.com"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983036",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/40039/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
],
"evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>"
}
Reference in New Issue View Git Blame Copy Permalink