VMware vCenter Server: CVE-2016-5331 (VMSA-2016-0010)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Aug 8, 2016 | Jan 20, 2026 | Jan 20, 2026 |
Description
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Solution
vmware-vcenter-server-upgrade-latest
References
- CVE-2016-5331
- https://attackerkb.com/topics/CVE-2016-5331
- http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html
- http://seclists.org/fulldisclosure/2016/Aug/38
- http://www.securityfocus.com/archive/1/539128/100/0/threaded
- http://www.securityfocus.com/bid/92324
- http://www.securitytracker.com/id/1036543
- http://www.securitytracker.com/id/1036544
- http://www.securitytracker.com/id/1036545
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23492
- CWE-93