CVE-2016-0902

MEDIUM

EMC RSA Authentication Manager <8.1 SP1 P14 - HTTP Response Splitting

Title source: llm

Description

CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035755

[Mailing List] http://seclists.org/bugtraq/2016/May/23

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/136994/RSA-Authentication-Manager-XSS-HTTP-Response-Splitting.html

Scores

CVSS v3 5.3

EPSS 0.0070

EPSS Percentile 71.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

Status draft

Affected Products (1)

emc/rsa_authentication_manager < 8.1

Timeline

Published May 07, 2016

Tracked Since Feb 18, 2026