CVE-2016-5331

6.1 MEDIUM

Published: August 08, 2016 Modified: May 06, 2026

Description

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2016/Aug/38

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/539128/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/92324

Source: cve@mitre.org

http://www.securitytracker.com/id/1036543

Source: cve@mitre.org

http://www.securitytracker.com/id/1036544

Source: cve@mitre.org

http://www.securitytracker.com/id/1036545

Source: cve@mitre.org

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

Source: cve@mitre.org

Mitigation Patch Vendor Advisory

http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html