CVE-2016-3166

Published: Apr 12, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

Affected (49)

Products: Debian: Debian Linux · Drupal: Drupal

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration B

47 vulnerable

Vulnerable Software	Affected Versions
Drupal Drupal	Version 6.0
Drupal Drupal	Version 6.0 beta1
Drupal Drupal	Version 6.0 beta2
Drupal Drupal	Version 6.0 beta3
Drupal Drupal	Version 6.0 beta4
Drupal Drupal	Version 6.0 dev
Drupal Drupal	Version 6.0 rc1
Drupal Drupal	Version 6.0 rc2
Drupal Drupal	Version 6.0 rc3
Drupal Drupal	Version 6.0 rc4
Drupal Drupal	Version 6.10
Drupal Drupal	Version 6.11
Drupal Drupal	Version 6.12
Drupal Drupal	Version 6.13
Drupal Drupal	Version 6.14
Drupal Drupal	Version 6.15
Drupal Drupal	Version 6.16
Drupal Drupal	Version 6.17
Drupal Drupal	Version 6.18
Drupal Drupal	Version 6.19
Drupal Drupal	Version 6.1
Drupal Drupal	Version 6.20
Drupal Drupal	Version 6.21
Drupal Drupal	Version 6.22
Drupal Drupal	Version 6.23
Drupal Drupal	Version 6.24
Drupal Drupal	Version 6.25
Drupal Drupal	Version 6.26
Drupal Drupal	Version 6.27
Drupal Drupal	Version 6.28
Drupal Drupal	Version 6.29
Drupal Drupal	Version 6.2
Drupal Drupal	Version 6.30
Drupal Drupal	Version 6.31
Drupal Drupal	Version 6.32
Drupal Drupal	Version 6.33
Drupal Drupal	Version 6.34
Drupal Drupal	Version 6.35
Drupal Drupal	Version 6.36
Drupal Drupal	Version 6.37
Drupal Drupal	Version 6.3
Drupal Drupal	Version 6.4
Drupal Drupal	Version 6.5
Drupal Drupal	Version 6.6
Drupal Drupal	Version 6.7
Drupal Drupal	Version 6.8
Drupal Drupal	Version 6.9