CVE-2016-2861
Summary
| CVE | CVE-2016-2861 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-07-02 14:59:10 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
Risk And Classification
Primary CVSS: v3.0 3.7 LOW from [email protected]
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Problem Types: CWE-200 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| 2.0 | [email protected] | Primary | 4.3 | | AV:N/AC:M/Au:N/C:P/I:N/A:N |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | None |
| Availability | None |

AV:N/AC:M/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Websphere Extreme Scale | 7.1.0 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 7.1.0.2 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 7.1.1 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.5.0 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.5.0.1 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.5.0.2 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.0 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.1 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.2 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.3 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.4 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.5 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.6 | All | All | All |
| Application | Ibm | Websphere Extreme Scale | 8.6.0.7 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PI60898: WebSphere eXtreme Scale is subject to HTTP response splitting attacks. | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | |
| Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information (CVE-2016-2861, CVE-2016-0400) | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Patch, Vendor Advisory |
| PI60897: WebSphere eXtreme Scale is subject to HTTP response splitting attacks. | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.