CVE-2016-3166

Published on: 04/12/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

  • CVE-2016-3166 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
oss-security - CVE requests for Drupal core (SA-CORE-2016-001) www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001 | Drupal.org Patch
Vendor Advisory
www.drupal.org
text/html
URL Logo CONFIRM www.drupal.org/SA-CORE-2016-001
oss-security - Re: CVE requests for Drupal core (SA-CORE-2016-001) www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)
Debian -- Security Information -- DSA-3498-1 drupal7 www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3498

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
ApplicationDrupalDrupal6.0AllAllAll
ApplicationDrupalDrupal6.0beta1AllAll
ApplicationDrupalDrupal6.0beta2AllAll
ApplicationDrupalDrupal6.0beta3AllAll
ApplicationDrupalDrupal6.0beta4AllAll
ApplicationDrupalDrupal6.0devAllAll
ApplicationDrupalDrupal6.0rc1AllAll
ApplicationDrupalDrupal6.0rc2AllAll
ApplicationDrupalDrupal6.0rc3AllAll
ApplicationDrupalDrupal6.0rc4AllAll
ApplicationDrupalDrupal6.1AllAllAll
ApplicationDrupalDrupal6.10AllAllAll
ApplicationDrupalDrupal6.11AllAllAll
ApplicationDrupalDrupal6.12AllAllAll
ApplicationDrupalDrupal6.13AllAllAll
ApplicationDrupalDrupal6.14AllAllAll
ApplicationDrupalDrupal6.15AllAllAll
ApplicationDrupalDrupal6.16AllAllAll
ApplicationDrupalDrupal6.17AllAllAll
ApplicationDrupalDrupal6.18AllAllAll
ApplicationDrupalDrupal6.19AllAllAll
ApplicationDrupalDrupal6.2AllAllAll
ApplicationDrupalDrupal6.20AllAllAll
ApplicationDrupalDrupal6.21AllAllAll
ApplicationDrupalDrupal6.22AllAllAll
ApplicationDrupalDrupal6.23AllAllAll
ApplicationDrupalDrupal6.24AllAllAll
ApplicationDrupalDrupal6.25AllAllAll
ApplicationDrupalDrupal6.26AllAllAll
ApplicationDrupalDrupal6.27AllAllAll
ApplicationDrupalDrupal6.28AllAllAll
ApplicationDrupalDrupal6.29AllAllAll
ApplicationDrupalDrupal6.3AllAllAll
ApplicationDrupalDrupal6.30AllAllAll
ApplicationDrupalDrupal6.31AllAllAll
ApplicationDrupalDrupal6.32AllAllAll
ApplicationDrupalDrupal6.33AllAllAll
ApplicationDrupalDrupal6.34AllAllAll
ApplicationDrupalDrupal6.35AllAllAll
ApplicationDrupalDrupal6.36AllAllAll
ApplicationDrupalDrupal6.37AllAllAll
ApplicationDrupalDrupal6.4AllAllAll
ApplicationDrupalDrupal6.5AllAllAll
ApplicationDrupalDrupal6.6AllAllAll
ApplicationDrupalDrupal6.7AllAllAll
ApplicationDrupalDrupal6.8AllAllAll
ApplicationDrupalDrupal6.9AllAllAll
ApplicationDrupalDrupal6.0AllAllAll
ApplicationDrupalDrupal6.0beta1AllAll
ApplicationDrupalDrupal6.0beta2AllAll
ApplicationDrupalDrupal6.0beta3AllAll
ApplicationDrupalDrupal6.0beta4AllAll
ApplicationDrupalDrupal6.0devAllAll
ApplicationDrupalDrupal6.0rc1AllAll
ApplicationDrupalDrupal6.0rc2AllAll
ApplicationDrupalDrupal6.0rc3AllAll
ApplicationDrupalDrupal6.0rc4AllAll
ApplicationDrupalDrupal6.1AllAllAll
ApplicationDrupalDrupal6.10AllAllAll
ApplicationDrupalDrupal6.11AllAllAll
ApplicationDrupalDrupal6.12AllAllAll
ApplicationDrupalDrupal6.13AllAllAll
ApplicationDrupalDrupal6.14AllAllAll
ApplicationDrupalDrupal6.15AllAllAll
ApplicationDrupalDrupal6.16AllAllAll
ApplicationDrupalDrupal6.17AllAllAll
ApplicationDrupalDrupal6.18AllAllAll
ApplicationDrupalDrupal6.19AllAllAll
ApplicationDrupalDrupal6.2AllAllAll
ApplicationDrupalDrupal6.20AllAllAll
ApplicationDrupalDrupal6.21AllAllAll
ApplicationDrupalDrupal6.22AllAllAll
ApplicationDrupalDrupal6.23AllAllAll
ApplicationDrupalDrupal6.24AllAllAll
ApplicationDrupalDrupal6.25AllAllAll
ApplicationDrupalDrupal6.26AllAllAll
ApplicationDrupalDrupal6.27AllAllAll
ApplicationDrupalDrupal6.28AllAllAll
ApplicationDrupalDrupal6.29AllAllAll
ApplicationDrupalDrupal6.3AllAllAll
ApplicationDrupalDrupal6.30AllAllAll
ApplicationDrupalDrupal6.31AllAllAll
ApplicationDrupalDrupal6.32AllAllAll
ApplicationDrupalDrupal6.33AllAllAll
ApplicationDrupalDrupal6.34AllAllAll
ApplicationDrupalDrupal6.35AllAllAll
ApplicationDrupalDrupal6.36AllAllAll
ApplicationDrupalDrupal6.37AllAllAll
ApplicationDrupalDrupal6.4AllAllAll
ApplicationDrupalDrupal6.5AllAllAll
ApplicationDrupalDrupal6.6AllAllAll
ApplicationDrupalDrupal6.7AllAllAll
ApplicationDrupalDrupal6.8AllAllAll
ApplicationDrupalDrupal6.9AllAllAll
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*: