vulnerability

VMSA-2016-0010: HTTP Header injection issue in vCenter Server and ESXi (CVE-2016-5331)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Aug 7, 2016	Oct 20, 2016	Nov 27, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Aug 7, 2016

Added

Oct 20, 2016

Modified

Nov 27, 2024

Description

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Solution

vmware-esxi60-upgrade-3620759

References

CVE-2016-5331
https://attackerkb.com/topics/CVE-2016-5331
DISA_SEVERITY-Category II
IAVM-2016-B-0127
URL-http://www.vmware.com/security/advisories/VMSA-2016-0010.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today