CVE-2016-3118

MEDIUM

CA API Gateway <7.1.04-8.3.01-8.4 - CRLF Injection

Title source: llm

Description

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160405-01-security-notice-for-ca-api-gateway.aspx

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

Status published

Products (6)

broadcom/api_gateway 7.1

broadcom/api_gateway 8.0

broadcom/api_gateway 8.1

broadcom/api_gateway 8.2

broadcom/api_gateway 8.3

broadcom/api_gateway 8.4

Published Apr 06, 2016

Tracked Since Feb 18, 2026