CVE-2016-6484

Published: Jan 23, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.

Affected (1)

Products: Infoblox: Netmri

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Infoblox Netmri	Up to 7.0.1

Related CWEs

Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References (8)

http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/539366/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/92794

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036736

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/539366/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/92794

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036736

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.