CVE-2016-5331

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers…

mitre·CWE-93·Published 2016-08-08

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

206 chars

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

NVDen

206 chars

NVDes

261 chars

Vulnerabilidad de inyección CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuestas HTTP a través de vectores no especificados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N