CVE-2016-5331

MEDIUM

VMware vCenter Server <6.0 - Code Injection

Title source: llm

Description

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References (8)

Core 8

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036543

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92324

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036544

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/539128/100/0/threaded

Mitigation, Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Aug/38

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036545

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html

Scores

CVSS v3 6.1

EPSS 0.0191

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-93

Status published

Products (2)

vmware/esxi 6.0

vmware/vcenter_server < 6.0

Published Aug 08, 2016

Tracked Since Feb 18, 2026