CVE-2016-8024

Published: Mar 14, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.

Affected (1)

Products: Mcafee: Virusscan Enterprise

1 product

Virusscan Enterprise

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Virusscan Enterprise	Up to 2.0.3

Related CWEs

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

References (8)

http://www.securityfocus.com/bid/94823

Source: secure@intel.com

http://www.securitytracker.com/id/1037433

Source: secure@intel.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10181

Source: secure@intel.com

Vendor Advisory

https://www.exploit-db.com/exploits/40911/

Source: secure@intel.com

http://www.securityfocus.com/bid/94823

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1037433

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10181

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/40911/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.