CVE-2016-0400

MEDIUM

IBM WebSphere eXtreme Scale <7.1.0.3-8.6.0.8 - CRLF Injection

Title source: llm

Description

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Exploits (1)

exploitdb WORKING POC
by blomster81 · c++ · local · windows_x86
https://www.exploit-db.com/exploits/40039

References (4)

Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983036
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40039/
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898

Scores

CVSS v3 6.1
EPSS 0.0349
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Status published
Products (14)
ibm/websphere_extreme_scale 7.1.0
ibm/websphere_extreme_scale 7.1.0.2
ibm/websphere_extreme_scale 7.1.1
ibm/websphere_extreme_scale 8.5.0
ibm/websphere_extreme_scale 8.5.0.1
ibm/websphere_extreme_scale 8.5.0.2
ibm/websphere_extreme_scale 8.6.0.0
ibm/websphere_extreme_scale 8.6.0.1
ibm/websphere_extreme_scale 8.6.0.2
ibm/websphere_extreme_scale 8.6.0.3
... and 4 more
Published Jul 02, 2016
Tracked Since Feb 18, 2026