CVE-2016-0400

MEDIUM

IBM WebSphere eXtreme Scale <7.1.0.3-8.6.0.8 - CRLF Injection

Title source: llm

Description

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Exploits (1)

exploitdb WORKING POC
by blomster81 · c++ · local · windows_x86
https://www.exploit-db.com/exploits/40039

Scores

CVSS v3 6.1
EPSS 0.0349
EPSS Percentile 87.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

Status draft

Affected Products (14)

ibm/websphere_extreme_scale

Timeline

Published Jul 02, 2016
Tracked Since Feb 18, 2026